On 14/12/2019 at 09:31, Pierre Labastie via blfs-support wrote:
> On 14/12/2019 at 02:55, DJ Lucas via blfs-support wrote:
>>
>>
>> On 12/13/2019 8:57 AM, Pierre Labastie via blfs-support wrote:
>>> On 13/12/2019 at 15:15, Pierre Labastie via blfs-support wrote:
>>>> Hi,
>>>>
>>>> I just installed the 5.4.2 kernel, and got:
>>>>
>>>> modprobe: FATAL: Module xt_LOG not found in directory /lib/modules/5.4.2
>>>>
>>>> at boot. Note that this is not the result of having it builtin:
>>>> nf_conntrack is builtin, and there is no message about it. I think the
>>>> problem is rather that in:
>>>> Networking support --->
>>>> Networking options --->
>>>> Network packet filtering framework (Netfilter) --->
>>>> Core Netfilter Configuration --->
>>>>
>>>> I have:
>>>> -*- Netfilter Xtables support (required for ip_tables)
>>>> *** Xtables combined modules ***
>>>>
>>>> That is all the options under Xtable support
>>>> (where xt_LOG resides according to help)
>>>> are combined into one and not selectable individually (automatically
>>>> selected). But while for example xt_NFLOG (another module associated to an
>>>> option under the same hierarchy) appears in the builtin modules, xt_LOG
>>>> does not...
>>>>
>>>> I've not investigated more, because I do not know anything about this
>>>> netfilter stuff... But I wanted to let you know
>>>>
>>> Well, it seems you need to tick "Advanced netfilter configuration", under
>>> Network packet filtering framework (Netfilter) --->
>>> to get access to the individual Xtables modules.
>>>
>>
>> Then this should be added to the book I think. Thanks for double checking it.
>> I'm studying for a vendor test right now, but will get to it in a couple of
>> days.
>>
>
> Note that "make defconfig" adds all the Xtable options as modules [m]. But I
> had a config from previous builds, and somehow, it did not have xt_LOG ticked
> (while it had xt_NFLOG, but it is the result of many runs of "make oldconfig"
> for each new kernel, and I guess I've missed a "no" answer to this one, or
> something like that.): since it is the config for VMs, which are on a host,
> which is itself behind a router (provided by the ISP), I thought I did not
> need iptables, but now it is recommended for something, so I have to set it
> up.

Hmmm, it's been recommended by NetworkManager for years. It's just that the
recent changes in iptables have unveiled this misconfiguration.

>
> Anyway, I'll try to document this in the book today.
>

Done at 22470. I've given the configuration for running the personal firewall
only. Hope it is OK.

Pierre
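
A quick way to check a kernel `.config` for the situation described in this thread, as an added example (not from the thread or the BLFS book). The Kconfig symbol names `CONFIG_NETFILTER_ADVANCED`, `CONFIG_NETFILTER_XT_TARGET_LOG` and `CONFIG_NETFILTER_XT_TARGET_NFLOG` are not quoted in the thread and are assumed to be the ones behind the menu entries it mentions; the sample config is constructed.

```sh
#!/bin/sh
# Added example: classify netfilter logging symbols in a kernel .config.
# Symbol names are assumptions (the thread only quotes menu entries).

# kconfig_state FILE SYMBOL -> prints y, m or n
# ("# SYMBOL is not set" and a missing line both count as n)
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# check_xt_log FILE -> prints a verdict; returns 0 if the LOG target is present
check_xt_log() {
    adv=$(kconfig_state "$1" CONFIG_NETFILTER_ADVANCED)
    log=$(kconfig_state "$1" CONFIG_NETFILTER_XT_TARGET_LOG)
    nflog=$(kconfig_state "$1" CONFIG_NETFILTER_XT_TARGET_NFLOG)
    echo "ADVANCED=$adv XT_TARGET_LOG=$log XT_TARGET_NFLOG=$nflog"
    case $log in
        y) echo "LOG target is built in"; return 0 ;;
        m) echo "LOG target is built as module xt_LOG"; return 0 ;;
    esac
    if [ "$adv" = n ]; then
        echo "LOG target missing; individual Xtables options are hidden" \
             "until 'Advanced netfilter configuration' is ticked"
    else
        echo "LOG target missing; select it under Xtables support"
    fi
    return 1
}

# Constructed sample mirroring the thread: NFLOG built in, LOG never selected.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_ADVANCED is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
check_xt_log "$tmp" || true   # demo run on the constructed sample
rm -f "$tmp"
```

To check a real build, call `check_xt_log` with the path to the `.config` used for the running kernel.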
