On 3/29/2017 12:07 PM, Norman Henderson wrote: > Thanks Matt. I had looked at both articles; the netfilter.org one would > seem to require me to build a kernel - and doesn't give a lot of detail. > The shorewall one doesn't say "how" to set up xtables-addons. > > There is no package xtables-addons in Ubuntu Xenial however I did install > the packages: > xtables-addons-common xtables-addons-dkms xtables-addons-source >
from: https://launchpad.net/ubuntu/xenial/+package/xtables-addons-dkms "The dkms package will automatically compile the driver for your current kernel version." Before installing the 'ipset' utility $ shorewall show capabilities | grep ipset ipset V5 (IPSET_V5): Not available and after installing the 'ipset' utility $ shorewall show capabilities | grep ipset ipset V5 (IPSET_V5): Available At least on Debian, Shorewall has now the ipset capability! > On Wed, Mar 29, 2017 at 10:41 AM, Matt Darfeuille <[email protected]> wrote: > >> On 3/29/2017 8:30 AM, Norman Henderson wrote: >>> Hi, I am running 5.0.12 on Ubuntu 16.04.2 LTS with kernel 4.4.0-66 and >>> would like to use an ipset to control routing to a list of netblocks >>> (actually an entire country). I came up with the idea to set a Mark >> (based >>> on the ipset) in shorewall/mangle, and then route based on the Mark in >>> route_rules. What I get is: >>> ERROR: ipset names in Shorewall configuration files require Ipset Match >> in >>> your kernel and iptables. >>> >>> What isn't obvious after some searching, is how to enable IPset Match >>> support. In the kernel config file, there is a line: >>> CONFIG_NET_EMATCH_IPSET=m >>> So, I should be able to just load that should I not? >>> I attempted: modprobe em_ipset >>> which succeeded, but I still get the shorewall error. >>> >>> Help please and thank you! >>> >> >> Take a look at: >> http://shorewall.org/ipsets.html >> >> http://ipset.netfilter.org/ >> >> -Matt >> -- >> Matt Darfeuille >> >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Shorewall-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
