[opensuse] [Fwd: iptables-extensions]
Hi all, i would like to add random-function to my iptables But allthough i thought i added enough i seem to miss something.. iptables -A PREROUTING -i eth0 -p udp --dport 1200 -m state --state NEW -m random --average 25 -j DNAT --to-destination 192.87.141.197:1201 iptables v1.4.8: Couldn't load match `random':/usr/lib/xtables/libipt_random.so: cannot open shared object file: No such file or directory find / -iname "*libipt_random*" [indeed nothing] zypper search xtables i | libxtables7 | iptables extension interface i | xtables-addons | IP Packet Filter Administration Extensions i | xtables-addons-kmp-xen | IP Packet Filter Administration Extensions So where can i find "libipt_random.so" ? Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote:
Hi all,
i would like to add random-function to my iptables But allthough i thought i added enough i seem to miss something..
iptables -A PREROUTING -i eth0 -p udp --dport 1200 -m state --state NEW -m random --average 25 -j DNAT --to-destination 192.87.141.197:1201 iptables v1.4.8: Couldn't load match `random':/usr/lib/xtables/libipt_random.so: cannot open shared object file: No such file or directory
find / -iname "*libipt_random*" [indeed nothing]
zypper search xtables i | libxtables7 | iptables extension interface i | xtables-addons | IP Packet Filter Administration Extensions i | xtables-addons-kmp-xen | IP Packet Filter Administration Extensions
So where can i find "libipt_random.so" ?
Hans
Even stranger... it looks like, it should have been a part of mainstream iptables package, according to: http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so But that specific module is missing in 11.3, 11.4 and sles11sp1 (and i assume also in 12.1) The functionality it provides is described in: http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.ht... and http://linuxgazette.net/108/odonovan.html afaict, there is nothing to replace it. hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hans Witvliet wrote:
On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote: Even stranger... it looks like, it should have been a part of mainstream iptables package, according to: http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so
But that specific module is missing in 11.3, 11.4 and sles11sp1 (and i assume also in 12.1)
The random module is not included in the regular iptables source package. (I don't know why). I guess you have to patch it yourself. -- Per Jessen, Zürich (1.9°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 2012-03-10 at 09:29 +0100, Per Jessen wrote:
Hans Witvliet wrote:
On Fri, 2012-03-09 at 18:52 +0100, Hans Witvliet wrote: Even stranger... it looks like, it should have been a part of mainstream iptables package, according to: http://rpmfind.net/linux/rpm2html/search.php?query=libipt_random.so
But that specific module is missing in 11.3, 11.4 and sles11sp1 (and i assume also in 12.1)
The random module is not included in the regular iptables source package. (I don't know why). I guess you have to patch it yourself.
Hi Per, Sure, i could patch & compile it myself, but (besides other reaons for not doing so) i would be the only one benefitting fom it. So the essential question (who is maintaining iptables?) is indeed _why_ is that module not included. If it would be some obscure and unmaintained patch from "John Doe" it would be understandable. But it looks like an option that the maintainer has forgotton to enable.... Or, if there was a good reason for not doing so, i woud very much like to know it. Hans -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Monday 12 March 2012 00:12:29 Hans Witvliet wrote:
Sure, i could patch & compile it myself, but (besides other reaons for not doing so) i would be the only one benefitting fom it.
So the essential question (who is maintaining iptables?) is indeed _why_ is that module not included. If it would be some obscure and unmaintained patch from "John Doe" it would be understandable. But it looks like an option that the maintainer has forgotton to enable....
Or, if there was a good reason for not doing so, i woud very much like to know it.
I gave it to you already. The module is statistic, with the --mode random parameter now, as the man page tells you Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Saturday 10 March 2012 00:34:17 Hans Witvliet wrote:
The functionality it provides is described in: http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.ht ml and http://linuxgazette.net/108/odonovan.html
afaict, there is nothing to replace it.
-m statistic --mode random perhaps? This is what is described in the man page Anders -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Anders Johansson -
Hans Witvliet -
Per Jessen