[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

Walter Haidinger walter at doxlock.com
Wed Aug 31 11:10:16 UTC 2011


On 31.08.2011 04:24, Always Learning wrote:
> 
> On a VPS I wanted to add to IP tables:-
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
> 
> I got:
> 	iptables: Unknown error 18446744073709551615
>
> uname -a =  2.6.35.4 #2  (don't know how this got installed)
> lsmod | grep ipt = ipt_LOG   5419  2 
> yum upgrade iptables* = nothing to install.

I had similar problems back with CentOS 5.4 and non-distro kernel 2.6.32
when I tried to use the MARK target.

The fix was to get a more recent iptables from netfilter.org.
iptables-1.4.7 works for me, currently CentOS 5.6 and kernel 2.6.35.14
in production.

Since I only require the newer iptables command when adding MARK targets
to the mangle table, I've installed netfilter.org iptables to /opt/iptables
and set "export PATH=/opt/iptables/sbin:${PATH}" in scripts where needed.
Yes, no custom rpm built, just a quick and dirty install to /opt...

FYI, kernels 2.6.32 and 2.6.35 work fine with CentOS 5 except for
the iptables issue above and a (minor) mcelog problem, IIRC.

Hope that helps,
Walter

PS: To install iptables from source is pretty straightforward:
    get the tarball from netfilter.org, unpack and run:
    ./configure --prefix=/opt/iptables && make && make install
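
The PATH approach from the message above, written as a guarded script preamble. This is an added example, not part of the original post: it uses the /opt build only if its sbin directory is owned by root, is not group- or world-writable, and the binary reports at least 1.4.7; the function names and the fallback behaviour are assumptions.

```shell
#!/bin/sh
# Added example: pick the /opt build of iptables or fall back to the system one.
# version_ge, dir_is_safe and select_iptables are hypothetical helper names.

# True if dotted version $1 >= $2 (awk, to avoid depending on GNU `sort -V`).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# True if directory $1 is owned by uid $2 (default 0) and not group/world-writable.
dir_is_safe() {
    [ -d "$1" ] || return 1
    want_uid=${2:-0}
    set -- $(ls -ldn -- "$1")          # fields: mode links uid gid ...
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;  # group-write or other-write bit set
    esac
}

# Print the iptables binary to use. Returns 0 when the build under prefix $1
# qualifies (safe directory, version >= $2), 1 when falling back to the system one.
select_iptables() {
    prefix=$1 min=$2 owner_uid=${3:-0}
    bin="$prefix/sbin/iptables"
    if [ -x "$bin" ] && dir_is_safe "$prefix/sbin" "$owner_uid"; then
        # `iptables --version` prints e.g. "iptables v1.4.7"
        ver=$("$bin" --version 2>/dev/null | sed -n 's/^iptables v\([0-9.]*\).*/\1/p')
        if [ -n "$ver" ] && version_ge "$ver" "$min"; then
            echo "$bin"; return 0
        fi
    fi
    echo iptables
    return 1
}

# Usage in a rule script; 1.4.7 is the version the post reports working.
IPTABLES=$(select_iptables /opt/iptables 1.4.7) || echo "using system iptables" >&2
```

Rule scripts then call "$IPTABLES" instead of relying on a modified PATH, so a missing or writable /opt/iptables/sbin is noticed rather than silently trusted.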


