[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
Walter Haidinger
walter at doxlock.com
Wed Aug 31 11:10:16 UTC 2011
On 31.08.2011 04:24, Always Learning wrote:
>
> On a VPS I wanted to add to IP tables:-
> iptables -A XXXX -p tcp -m string --algo bm --string 'login' -j DROP
>
> I got:
> iptables: Unknown error 18446744073709551615
>
> uname -a = 2.6.35.4 #2 (don't know how this got installed)
> lsmod | grep ipt = ipt_LOG 5419 2
> yum upgrade iptables* = nothing to install.

I had similar problems back with CentOS 5.4 and non-distro kernel 2.6.32
when I tried to use the MARK target.

The fix was to get a more recent iptables from netfilter.org.
iptables-1.4.7 works for me, currently CentOS 5.6 and kernel 2.6.35.14
in production.

Since I only require the newer iptables command when adding MARK targets
to the mangle table, I've installed netfilter.org iptables to /opt/iptables
and "set export PATH=/opt/iptables/sbin:${PATH}" in scripts where needed.
Yes, no custom rpm built, just a quick and dirty install to /opt...

FYI, kernels 2.6.32 and 2.6.35 work fine with CentOS 5 except for the
iptables issue above and a (minor) mcelog problem, IIRC.

Hope that helps,
Walter

PS: To install iptables from source is pretty straightforward:
get the tarball from netfilter.org, unpack and run:
./configure --prefix=/opt/iptables && make && make install
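
Added example (not part of the message above and not from the CentOS list): a shell helper for the "/opt/iptables in scripts where needed" approach that selects an iptables binary only if it reports at least version 1.4.7, so a firewall script stops instead of carrying on with a rule that failed to load. The function names, the IPT_PREFIX and IPT_MIN variables and the sample MARK rule in the comments are assumptions.

```shell
#!/bin/sh
# Added example: choose an iptables binary for a firewall script.
# Assumptions: /opt/iptables is the install prefix from the post, 1.4.7 is
# the version the post reports working; all function names are hypothetical.

IPT_PREFIX="${IPT_PREFIX:-/opt/iptables}"
IPT_MIN="${IPT_MIN:-1.4.7}"

# version_ge A B: succeed when dotted version A is >= B (numeric per field,
# so 1.4.10 counts as newer than 1.4.7).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# ipt_version BIN: print the version from "BIN --version"
# (output looks like "iptables v1.4.7"); prints nothing if unparsable.
ipt_version() {
    "$1" --version 2>/dev/null |
        sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# pick_iptables: print the first binary that is new enough, trying the
# /opt install before whatever is on PATH. Returns 1 when none qualifies.
pick_iptables() {
    for bin in "$IPT_PREFIX/sbin/iptables" "$(command -v iptables 2>/dev/null)"; do
        [ -n "$bin" ] && [ -x "$bin" ] || continue
        ver=$(ipt_version "$bin")
        if [ -n "$ver" ] && version_ge "$ver" "$IPT_MIN"; then
            printf '%s\n' "$bin"
            return 0
        fi
    done
    return 1
}

# Use in a firewall script (constructed sample rule): abort rather than
# leave the ruleset incomplete when the tool is too old or the rule fails.
#   IPT=$(pick_iptables) || { echo "no iptables >= $IPT_MIN" >&2; exit 1; }
#   "$IPT" -t mangle -A PREROUTING -p tcp --dport 22 -j MARK --set-mark 1 || exit 1
```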