> -----Original Message-----
> From: Steve Grubb [mailto:sgrubb@xxxxxxxxxx]
> Sent: 22 October 2009 21:39
> To: Kedar Sovani; fedora-arm@xxxxxxxxxx
> Subject: Re: Fedora-11 Status
>
> On Tuesday 06 October 2009 04:45:33 am you wrote:
> > > I was wondering if in the next kernel build if netfilter/iptables can be
> > > enabled?
> >
> > We do not disable it.
> >
> > The kernel build just picks the default fedora kernel configuration and
> > merges the arch-specific ("config-arm" in our case) exception file. This
> > file hasn't disabled iptables:
> >
> > http://cvs.fedoraproject.org/viewvc/rpms/kernel/devel/config-arm?revision=1.5
>
> OK, I assumed it was not working because:
>
> iptables-restore /etc/sysconfig/iptables
> FATAL: Could not load /lib/modules/2.6.30-00000-v2.6.30/modules.dep: No such file or directory
> iptables-restore v1.4.3.1: iptables-restore: unable to initialize table 'filter'
>
> Error occurred at line: 3
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Have you installed all the kernel modules for your kernel at
install_root/lib/modules/<kernel_version>? Maybe it does not find the
kernel modules to load?

Kedar.

> I traced through the initscript and decided to just try iptables-restore by
> itself. The initscripts really want a loadable module. Anyways, based on your
> comment, I tried setting --modprobe=/bin/true to trick it. No luck. It
> doesn't complain about not being able to load the module anymore, but still
> fails at line 3. The firewall rules are simple:
>
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> Running strace, it dies like this:
>
> socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 4
> getsockopt(4, SOL_IP, 0x40 /* IP_??? */, 0xbeda7ee8, 0xbeda7ee0) = -1 ENOPROTOOPT (Protocol not available)
> close(4) = 0
>
> -Steve
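The checks this thread circles around (is modules.dep present for the kernel, and is the filter table built in, modular or absent) can be scripted. The following is an added example, not part of the original messages; the function names, the verdict strings and the /boot/config-KVER default location are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch, not from the thread. Function names are hypothetical.
# Usage: sh check-iptables.sh ROOT KVER [CONFIG_FILE]
#   ROOT is "" for the live system, or the path of a mounted install root.

# Does modules.dep exist for this kernel? (the "FATAL: Could not load" message)
modules_dep_status() {  # ROOT KVER
    if [ -f "$1/lib/modules/$2/modules.dep" ]; then echo present; else echo missing; fi
}

# How a kernel config symbol is set: builtin (=y), module (=m), disabled, unknown
config_status() {  # CONFIG_FILE SYMBOL
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(grep -E "^$2=[ym]\$" "$1" || true)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo disabled ;;
    esac
}

# Is the 'filter' table registered with the running kernel right now?
filter_registered() {  # ROOT
    grep -qx filter "$1/proc/net/ip_tables_names" 2>/dev/null
}

# Combine the checks into one verdict line.
diagnose() {  # ROOT KVER [CONFIG_FILE]
    cfg=${3:-$1/boot/config-$2}   # assumed location of the kernel config
    need_modules=no
    if filter_registered "$1"; then echo "ok: filter table already registered"; return 0; fi
    for sym in CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER; do
        case "$(config_status "$cfg" "$sym")" in
            unknown)  echo "unknown: cannot read $cfg"; return 0 ;;
            disabled) echo "broken: kernel built without $sym"; return 0 ;;
            module)   need_modules=yes ;;
        esac
    done
    if [ "$need_modules" = yes ] && [ "$(modules_dep_status "$1" "$2")" = missing ]; then
        echo "broken: iptables is modular but modules.dep is missing for $2"
    elif [ "$need_modules" = yes ]; then
        echo "ok: modular; try modprobe iptable_filter"
    else
        echo "ok: filter table is built in"
    fi
}

if [ "$#" -ge 2 ]; then diagnose "$@"; fi
```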