On Mon, Jul 14, 2014 at 5:07 PM, Reindl Harald h.reindl@thelounge.net wrote:
> Am 14.07.2014 23:00, schrieb Jerry Geis:
>> I am getting this error...
>> Try `iptables -h' or 'iptables --help' for more information. iptables v1.4.7: Couldn't load target `Spamhaus':/lib64/xtables/libipt_Spamhaus.so: cannot open shared object file: No such file
>> yum provides says not found also. CentOS 6.5 x86_64
> http://www.catb.org/esr/faqs/smart-questions.html
> it's obvious that you wrote a wrong iptables rule; what do you imagine yum could find?
> post whatever you did or nobody can help you
I did not send the exact command I used but it is "yum provides /lib64/xtables/libipt_Spamhaus.so" No matches found.
I am using this script to block spam:

#!/bin/bash
IPTABLES=/sbin/iptables
FILE="/tmp/drop.txt"
URL="http://www.spamhaus.org/drop/drop.txt"

$IPTABLES -D INPUT -j Spamhaus
$IPTABLES -D OUTPUT -j Spamhaus
$IPTABLES -D FORWARD -j Spamhaus
$IPTABLES -F Spamhaus
$IPTABLES -X Spamhaus

cd /tmp
wget $URL
$IPTABLES -N Spamhaus

blocks=$(cat $FILE | egrep -v '^;' | awk '{ print $1}')
for ipblock in $blocks
do
    $IPTABLES -A Spamhaus -s $ipblock -j DROP
done

blocks=$(cat /etc/silentm/firewall_custom.conf | egrep -v '^;' | awk '{ print $1}')
for ipblock in $blocks
do
    $IPTABLES -A Spamhaus -s $ipblock -j DROP
done

$IPTABLES -I INPUT -j Spamhaus
$IPTABLES -I OUTPUT -j Spamhaus
$IPTABLES -I FORWARD -j Spamhaus

This script then outputs that error about the missing .so
jerry
Am 14.07.2014 23:13, schrieb Jerry Geis:
> I did not send the exact command I used but it is "yum provides /lib64/xtables/libipt_Spamhaus.so" No matches found.
> I am using this script to block spam:
>
> #!/bin/bash
> IPTABLES=/sbin/iptables
> FILE="/tmp/drop.txt"
> URL="http://www.spamhaus.org/drop/drop.txt"
>
> $IPTABLES -D INPUT -j Spamhaus
> $IPTABLES -D OUTPUT -j Spamhaus
> $IPTABLES -D FORWARD -j Spamhaus
> $IPTABLES -F Spamhaus
> $IPTABLES -X Spamhaus
>
> cd /tmp
> wget $URL
> $IPTABLES -N Spamhaus
>
> blocks=$(cat $FILE | egrep -v '^;' | awk '{ print $1}')
> for ipblock in $blocks
> do
>     $IPTABLES -A Spamhaus -s $ipblock -j DROP
> done
>
> blocks=$(cat /etc/silentm/firewall_custom.conf | egrep -v '^;' | awk '{ print $1}')
> for ipblock in $blocks
> do
>     $IPTABLES -A Spamhaus -s $ipblock -j DROP
> done
>
> $IPTABLES -I INPUT -j Spamhaus
> $IPTABLES -I OUTPUT -j Spamhaus
> $IPTABLES -I FORWARD -j Spamhaus
>
> This script then outputs that error about the missing .so
> jerry
It means that your script is not correct[1] and by error tries to load a helper module which does not exist. So fix your script.
[1] "cat | grep | awk" constructs are far from being elegant.
Alexander
On 07/15/2014 12:45 AM, Alexander Dalloz wrote:
> It means that your script is not correct[1] and by error tries to load a helper module which does not exist. So fix your script.
> [1] "cat | grep | awk" constructs are far from being elegant.
> Alexander
I think that these are not too bad. And you can use xargs instead of a for loop.
If you have another suggestion you can throw the one-liner here.
Eliezer
Am 15.07.2014 01:51, schrieb Eliezer Croitoru:
> On 07/15/2014 12:45 AM, Alexander Dalloz wrote:
>> It means that your script is not correct[1] and by error tries to load a helper module which does not exist. So fix your script.
>> [1] "cat | grep | awk" constructs are far from being elegant.
>> Alexander
> I think that these are not too bad. And you can use xargs instead of a for loop.
> If you have another suggestion you can throw the one-liner here.
> Eliezer
The OP's code snippet:

blocks=$(cat $FILE | egrep -v '^;' | awk '{ print $1}')
for ipblock in $blocks
do
    $IPTABLES -A Spamhaus -s $ipblock -j DROP
done

Running without the pipe construct because awk can do that all by itself (reading the source file and inverse grepping):

while read ipblock
do
    $IPTABLES -A Spamhaus -s $ipblock -j DROP
done < <(awk '!/^;/ { print $1 }' $FILE)

Alexander
On 07/15/2014 11:09 AM, Alexander Dalloz wrote:
> Running without the pipe construct because awk can do that all by itself (reading the source file and inverse grepping):
>
> while read ipblock
> do
>     $IPTABLES -A Spamhaus -s $ipblock -j DROP
> done < <(awk '!/^;/ { print $1 }' $FILE)
>
> Alexander
Thanks Alexander,
Indeed, you are right, it can be done, and with very big files it will mean a lot.
Also, he might consider using ipset instead of basic iptables to make the lookup a bit faster, but it should be OK as it is.
Eliezer
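
Eliezer's ipset suggestion, sketched as an added example that is not part of the thread: the list is parsed with the same comment and first-field rule as the awk filter above, each entry is validated as an IPv4 CIDR, and the result is emitted as `ipset restore` input, so no user-defined chain or `-j Spamhaus` jump is involved. `SET_NAME`, the function names and the sample list are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. SET_NAME and all function names are
# hypothetical; the sample list is constructed (documentation ranges only).
SET_NAME="spamhaus-drop"

# stdin: DROP-style list; stdout: commands for `ipset restore`.
# ';' lines are comments and field 1 is the network, as in the awk filter
# posted in the thread. Only a.b.c.d/len with octets 0-255 and len 0-32 is
# accepted; anything else is reported on stderr and never reaches a command.
drop_to_ipset_restore() {
    awk -v set="$SET_NAME" '
        BEGIN { print "create " set " hash:net family inet" }
        /^;/ || NF == 0 { next }
        {
            ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            if (ok) {
                split($1, p, "[./]")
                for (i = 1; i <= 4; i++) if (p[i] + 0 > 255) ok = 0
                if (p[5] + 0 > 32) ok = 0
            }
            if (ok) print "add " set " " $1
            else    print "skipped: " $1 > "/dev/stderr"
        }'
}

# Needs root and the ipset package, so it is defined but not called here.
apply_blocklist() {
    drop_to_ipset_restore < "$1" | ipset restore -exist || return 1
    # Remove an earlier copy of the rule (if any), then insert it once.
    iptables -D INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null || true
    iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

sample_list() {
    cat <<'EOF'
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.999/24 ; bad octet
not-a-network
EOF
}

# Show what would be fed to ipset for the sample input.
sample_list | drop_to_ipset_restore
```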