View previous topic :: View next topic |
Author |
Message |
bayarealad n00b
Joined: 22 Dec 2016 Posts: 1
|
Posted: Thu Dec 22, 2016 4:17 am Post subject: Re: Solved |
|
|
vectox wrote: | I had the same problem as well. When "recent" is selected as a kernel option it works just fine, but after I changed it to a loadable module it stopped working. Adding "extensions" to the make.conf file and recompiling iptables also did the trick for me. Thanks for the info. |
Although I selected recent as a kernel option it still throws error message as mentioned below when i try to install iptable rule with "-m recent" option. I did not find make.conf under iptables directory. Can somebody help me build libipt_recent.so ? This is blocking my project.
iptables v1.3.3: Couldn't load match `recent':/lib/iptables/libipt_recent.so: cannot open shared object file: No such file or directory |
|
Back to top |
|
|
cboldt Veteran
Joined: 24 Aug 2005 Posts: 1046
|
Posted: Thu Dec 22, 2016 12:53 pm Post subject: |
|
|
That version of iptables is so old that it doesn't appear in the portage tree anymore.
I'm running the RECENT match rule here (on three machines), and there is no libipt_rec.so file anywhere on the system.
If updating iptables doesn't work (and I ended up unmasking the ~x86 1.6.0-r1 version, but if i recall correctly, that was to get ipsets to work, and -match recent was working with the recent stable iptables, 1.4.21), then the fix is probably in kernel config. Below is from 4.4.26 kernel.
Code: | CONFIG_NETFILTER_XT_MATCH_RECENT:
|
│ This match is used for creating one or many lists of recently
│ used addresses and then matching against that/those list(s).
│
│ Short options are available by using 'iptables -m recent -h'
│ Official Website: <http://snowman.net/projects/ipt_recent/>
│
│ Symbol: NETFILTER_XT_MATCH_RECENT [=m]
│ Type : tristate
│ Prompt: "recent" match support
│ Location:
│ -> Networking support (NET [=y])
│ -> Networking options
│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
│ -> Core Netfilter Configuration
│ -> Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES [=m])
│ Defined at net/netfilter/Kconfig:1348
│ Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NETFILTER_XTABLES [=m] && NETFILTER_ADVANCED [=y] |
Edit to add, I do have an /usr/lib/xtables/libxt_recent.so and that file belongs to the iptables package.
Packet filtering details have evolved, and I'd be looking for compatibility between kernel version and iptables version, as well. |
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10589 Location: Somewhere over Atlanta, Georgia
|
Posted: Thu Dec 22, 2016 1:58 pm Post subject: |
|
|
Split from the 9-year-old iptables 1.3.2 -- libipt_recent.so not compiling and moved to Unsupported Software because the support request appears to be non-Gentoo related.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
|