Re: iptables geoip not working after update to jessie
Hi, So, I removed xtables-addons-source: apt-get remove xtables-addons-source And reinstalled xtables-addons-dkms: apt-get install --reinstall xtables-addons-dkms That built the module, and things started working again. Thanks Reco! On 9-5-2018 10:38, Reco wrote: Hi. On Wed, May 09, 2018 at 08:37:52AM +0200, mj wrote: Hi, Yesterday I upgraded a server from wheezy to jessie. Went fine, with one exception: my geoip iptables rules no longer work: root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP iptables: No chain/target/match by that name. This machine was originaly wheezy, and at that time, I installed the geo ip, according to my notes, like this: apt-get install xtables-addons-common libtext-csv-xs-perl That's not enough. 'apt show xtables-addons-common' says: Note: this package is only useful with a corresponding xtables-addons-dkms package, which you may produce with module-assistant: module-assistant auto-install xtables-addons-source Either install "xtables-addons-dkms" (which should build missing kernel modules by itself), or "xtables-addons-source" (and use module-assistant then). Reco
Re: iptables geoip not working after update to jessie
Hi Reco, Thanks for your reply. Holidays here now, I will try your suggestions next week, and report back then. Thanks! MJ On 05/09/2018 10:38 AM, Reco wrote: Hi. On Wed, May 09, 2018 at 08:37:52AM +0200, mj wrote: Hi, Yesterday I upgraded a server from wheezy to jessie. Went fine, with one exception: my geoip iptables rules no longer work: root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP iptables: No chain/target/match by that name. This machine was originaly wheezy, and at that time, I installed the geo ip, according to my notes, like this: apt-get install xtables-addons-common libtext-csv-xs-perl That's not enough. 'apt show xtables-addons-common' says: Note: this package is only useful with a corresponding xtables-addons-dkms package, which you may produce with module-assistant: module-assistant auto-install xtables-addons-source Either install "xtables-addons-dkms" (which should build missing kernel modules by itself), or "xtables-addons-source" (and use module-assistant then). Reco
Re: iptables geoip not working after update to jessie
Hi. On Wed, May 09, 2018 at 08:37:52AM +0200, mj wrote: > Hi, > > Yesterday I upgraded a server from wheezy to jessie. Went fine, with one > exception: my geoip iptables rules no longer work: > > > root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP > > iptables: No chain/target/match by that name. > > This machine was originaly wheezy, and at that time, I installed the geo ip, > according to my notes, like this: > > > apt-get install xtables-addons-common libtext-csv-xs-perl That's not enough. 'apt show xtables-addons-common' says: Note: this package is only useful with a corresponding xtables-addons-dkms package, which you may produce with module-assistant: module-assistant auto-install xtables-addons-source Either install "xtables-addons-dkms" (which should build missing kernel modules by itself), or "xtables-addons-source" (and use module-assistant then). Reco
iptables geoip not working after update to jessie
Hi, Yesterday I upgraded a server from wheezy to jessie. Went fine, with one exception: my geoip iptables rules no longer work: root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP iptables: No chain/target/match by that name. This machine was originaly wheezy, and at that time, I installed the geo ip, according to my notes, like this: apt-get install xtables-addons-common libtext-csv-xs-perl and cd /tmp/geoip /usr/lib/xtables-addons/xt_geoip_dl mkdir /usr/share/xt_geoip /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv This worked in wheezy, but alas after the upgrade it stopped. :-( Iptables still seems to know about geoip, because "iptables -m geoip --help" still lists the geoip match options: geoip match options: [!] --src-cc, --source-country country[,country...] Match packet coming from (one of) the specified country(ies) [!] --dst-cc, --destination-country country[,country...] Match packet going to (one of) the specified country(ies) NOTE: The country is inputed by its ISO3166 code. As I really need to block some countries, I would very much appreciate any assistance here. This post describes exactly my issue: https://bbs.archlinux.org/viewtopic.php?id=195565 root@jessie:~# modprobe xt_geoip modprobe: FATAL: Module xt_geoip not found. But the fix from the post (depmod -a) doesn't help us at all. No output, no difference. Could someone help me out? Best regards, MJ FYI: root@jessie:~# modprobe -c | grep x_tab alias symbol:xt_alloc_entry_offsets x_tables alias symbol:xt_alloc_table_info x_tables alias symbol:xt_check_entry_offsets x_tables alias symbol:xt_check_match x_tables alias symbol:xt_check_target x_tables alias symbol:xt_compat_add_offset x_tables alias symbol:xt_compat_calc_jump x_tables alias symbol:xt_compat_check_entry_offsets x_tables alias symbol:xt_compat_flush_offsets x_tables alias symbol:xt_compat_init_offsets x_tables alias symbol:xt_compat_lock x_tables alias symbol:xt_compat_match_from_user x_tables alias symbol:xt_compat_match_offset x_tables alias symbol:xt_compat_match_to_user x_tables alias symbol:xt_compat_target_from_user x_tables alias symbol:xt_compat_target_offset x_tables alias symbol:xt_compat_target_to_user x_tables alias symbol:xt_compat_unlock x_tables alias symbol:xt_copy_counters_from_user x_tables alias symbol:xt_find_jump_offset x_tables alias symbol:xt_find_match x_tables alias symbol:xt_find_revision x_tables alias symbol:xt_find_table_lock x_tables alias symbol:xt_find_target x_tables alias symbol:xt_free_table_info x_tables alias symbol:xt_hook_link x_tables alias symbol:xt_hook_unlink x_tables alias symbol:xt_proto_fini x_tables alias symbol:xt_proto_init x_tables alias symbol:xt_recseq x_tables alias symbol:xt_register_match x_tables alias symbol:xt_register_matches x_tables alias symbol:xt_register_table x_tables alias symbol:xt_register_target x_tables alias symbol:xt_register_targets x_tables alias symbol:xt_replace_table x_tables alias symbol:xt_request_find_match x_tables alias symbol:xt_request_find_target x_tables alias symbol:xt_table_unlock x_tables alias symbol:xt_unregister_match x_tables alias symbol:xt_unregister_matches x_tables alias symbol:xt_unregister_table x_tables alias symbol:xt_unregister_target x_tables alias symbol:xt_unregister_targets x_tables
