Yep, think this is it - you'll need to recompile and look for all the iptables/netfilter options. If you compile as modules they'll only get loaded if you need them anyway.
cheers,
Jamie

On 23/02/2008, Dave <[EMAIL PROTECTED]> wrote:
> It is a stock Debian install although I have customised the kernel. The
> default kernel is very slow on my laptop and hangs whilst initialising
> the shdci module. So I rebuilt the kernel to deal with these issues and
> to streamline the kernel to better fit my laptop hardware.
>
> The connection tracking modules you listed via modprobe do not exist in
> my modules directories for my custom kernel although they do appear in
> the module directories for the default 2.18.6 kernel. Perhaps I need to
> recompile kernel and build these modules? I am new to linux, but it is
> always more fun running before one can walk.
>
> > # iptables -A INPUT -i eth1 -j ACCEPT
>
> works
>
> > # iptables -A INPUT -i eth0 -m state --state NEW -j DROP
>
> causes mismatch error
>
> cheers
>
> Dave
>
>
> Jamie Riden wrote:
> > Is this a stock Debian install? There should be kernel modules around
> > to do the -match
> > and ACCEPT should be a valid target.
> >
> > Do either of the following commands work?
> >
> > # iptables -A INPUT -i eth1 -j ACCEPT
> > # iptables -A INPUT -i eth0 -m state --state NEW -j DROP
> >
> > (these may cause problems with your net connection - iptables -F
> > should restore normal service afterwards)
> >
> > have you got the following connection tracking modules?
> >
> > # modprobe -l | grep netf | grep conn
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/xt_conntrack.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/xt_connmark.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/xt_connbytes.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_tftp.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_sip.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_proto_sctp.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_pptp.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_netlink.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_proto_gre.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_irc.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_netbios_ns.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_ftp.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_h323.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/netfilter/nf_conntrack_amanda.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/ipv6/netfilter/nf_conntrack_ipv6.ko
> > /lib/modules/2.6.22-14-generic/kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko
> >
> > cheers,
> > Jamie

--
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
UK Honeynet Project: http://www.ukhoneynet.org/
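
One way to confirm the diagnosis in this thread before rebuilding, as an added example that is not part of the original messages: the function below reads a kernel .config and lists the netfilter options that `-m state` depends on but that are not built. The option list is an assumption for 2.6-era kernels like the ones discussed, and the sample config is constructed.

```shell
#!/bin/sh
# Options assumed necessary for `iptables -m state` on 2.6-era kernels
# (xtables core, the state match, and IPv4 connection tracking).
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES \
CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_NF_CONNTRACK \
CONFIG_NF_CONNTRACK_IPV4 CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# missing_netfilter_opts CONFIG_FILE
# Prints every required option that is not built in (=y) or built as a
# module (=m). Returns 0 when nothing is missing, 1 otherwise.
missing_netfilter_opts() {
    cfg=$1
    rc=0
    for opt in $REQUIRED_OPTS; do
        # An enabled option reads "CONFIG_X=y" or "CONFIG_X=m"; a disabled
        # one is absent or appears as "# CONFIG_X is not set".
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a trimmed .config from a "streamlined" custom kernel
# where basic filtering works but connection tracking was left out.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NF_CONNTRACK is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
missing_netfilter_opts "$tmp" || echo "enable the options above (=m or =y) and rebuild"
rm -f "$tmp"
```

On a real system, point the function at the .config in the kernel source tree used for the custom build.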
