On Sun, 20 Feb 2005, Pekka Savola wrote:
I have now added ip_conntrack_ftp and ip_nat_ftp in
/etc/sysconfig/iptables-config (and removed them from /etc/rc.modules). The
basic ip_conntrack is loaded automatically so I left it out. Now full ftp
connection tracking is back :)
This is good to know. However, did you explicitly check whether the modules
were or were not loaded after a restart and loading in the rules without
changing iptables-config?
That is, the whole purpose of the Fedora Legacy security update _was_ to fix
the automatic loading of modules. If this doesn't work... we have a problem.
Hmm. Could you try out RPMs at:
http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.i386.rpm
http://www.netcore.fi/pekkas/linux/iptables-1.2.8-8.90.2.legacy.src.rpm
http://www.netcore.fi/pekkas/linux/iptables-ipv6-1.2.8-8.90.2.legacy.i386.rpm
The only change was to replace:
+ ret = malloc(PROCFILE_BUFSIZ);
with:
+ ret = (char *) malloc(PROCFILE_BUFSIZ);
because that's how it's done in upstream CVS and Debian.
If that fixes it, Red Hat's FC3 fix that we used was broken..
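Review bot: the `(char *)` cast in `ret = (char *) malloc(PROCFILE_BUFSIZ);` has no effect in C when `malloc` is declared through `<stdlib.h>`, because `void *` converts to `char *` implicitly. If this one-line change alters behaviour, check that the file includes `<stdlib.h>`: without the prototype the call is implicitly declared as returning `int`, which can truncate the pointer on 64-bit builds, and the cast only silences the resulting warning. The quoted line also does not show whether `ret` is checked for NULL before use; confirm that a check follows.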
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings