On Fri, 2002-07-05 at 20:15, Harald Welte wrote: > On Fri, Jul 05, 2002 at 04:08:54PM +0200, Jean-Michel Hemstedt wrote: > > FYI, > > > > I upgraded to iptables-1.2.6a (user & kernel-2.4.18 patches) > > and got the following (maybe known) problems: > > > > - QUEUE target is NOK with kernel compiled with CONFIG_IP_NF_QUEUE=m > > => the packets are queued, but ipq_create_handle() returns > > "can't create netlink socket" > > "ERROR: Unable to create netlink socket: Connection refused" > > (problem with exported symbols?) > > =>quick fix: compile kernel with CONFIG_IP_NF_QUEUE=y > > I think james should be able to answer that.
The problem is that the ip_queue module isn't loaded automagically when a program requires it. I have no idea if this can be fixed or not but the problem is known and can easily be corrected by simply insmod ip_queue > > > - ipqmpd-0.3: default verdict NF_ACCEPT is not applied when no > > process has attached to it. In fact ipqmpd starts, but it seems > > that it never receives any packet (in ipq_inp). When one process > > attaches to it, with a mark different from the queued packet, then > > the default NF_ACCEPT is applied correctly. When all processes have > > detached from ipqmpd, the default NF_ACCEPT continues to be applied > > correctly. > > ever looked at the CVS repository? > http://www.gnumonks.org/cgi-bin/cvsweb.cgi/ipqmpd/ > > None of that code has been touched since 22 months... I wrote ipqmpd for > fun, and nobody really seemed to use it. Feel free to submit patches or > take over maintainership of ipqmpd :) > > > kr, > > -jmhe- He who expects nothing shall never be disappointed > > -- > Live long and prosper > - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ > ============================================================================ > GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- > V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*) -- Iain Barnes <[EMAIL PROTECTED]>
