Re: layer7 (l7-filter) compatible with f8 kernel?

On Dec 5, 2007 7:02 PM, Neal Becker <ndbecker2@xxxxxxxxx> wrote:
> Anyone know if the f8 kernel (kernel-2.6.23.8-63) is compatible with
> l7-filter-userspace?  Doesn't seem to work:
>
> sudo /sbin/modprobe -v ip_conntrack_netlink
> insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/ipv4/netfilter/nf_nat.ko
> insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/netfilter/nf_conntrack_netlink.ko
> [nbecker@nbecker1 l7-filter-userspace-v0.4]$ /usr/bin/l7-filter --help
>
>                       ***WARNING***
> The ip_conntrack_netlink module does not appear to be loaded.
> Unless you have it compiled into your kernel, please load it
> and run l7-filter again.
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>

Hi Neal Becker!

Thanks for widening my education.  I am no expert but love looking at
this new network stuff!

From: http://l7-filter.sourceforge.net/HOWTO-userspace

I see (note the part about "Linux 2.6.20 and newer"):
------------------------------------------------------
Kernel

For Linux 2.6.19.7 and older, you simply need to have connection
tracking and the connection tracking netlink interface enabled. I
think that this is the default in most cases. (XXX what is the oldest
version of Linux that has these capabilities? 2.6.14, I think. Needs
testing.)

For Linux 2.6.20 and newer, Netfilter has new "Layer 3 Independent
Connection tracking" which l7-filter is not yet compatible with
(mostly due to lack of library support from libnetfilter_conntrack).
While the old layer 3 dependent connection tracking is still
available, it is not selected by default, so you will probably need to
recompile your kernel with it. In the Linux kernel config, go to
Networking → Networking options → Network packet filtering framework
(Netfilter) → Core Netfilter Configuration. Under "Netfilter
connection tracking support", select "Layer 3 Dependent Connection
tracking (OBSOLETE)". Then go to Networking → Networking options →
Network packet filtering framework → IP: Netfilter Configuration and
enable "Connection tracking netlink interface" (and probably most of
the rest of the stuff on that page). This is a pain in the ass, sorry!

Either way, you need the module ip_conntrack_netlink or the same code
compiled into your kernel.
----------------------------------------------
Which seems pertinent.

Have Fun!

Tod
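
A diagnostic sketch for the situation in this thread, added here as an example and not taken from either poster or from the l7-filter project: in the quoted `modprobe -v` output, the request for `ip_conntrack_netlink` loaded `nf_conntrack_netlink.ko`, and the script reports which of the two connection-tracking flavours that is. The function names are hypothetical, and the two `CONFIG_` symbols are my reading of the 2.6.20-era Netfilter Kconfig, not something stated in the thread.

```shell
#!/bin/sh
# Added example: which conntrack netlink interface does this kernel provide?

# Print bare module names (no path, no .ko) from `modprobe -v` output on stdin.
resolved_modules() {
    sed -n 's#^insmod .*/\([^/ ]*\)\.ko.*$#\1#p'
}

# Classify from module names in the first column of stdin.
# Accepts the output of resolved_modules or /proc/modules directly.
conntrack_flavor() {
    awk '
        $1 == "ip_conntrack_netlink" { dep = 1 }    # layer 3 dependent (old)
        $1 == "nf_conntrack_netlink" { indep = 1 }  # layer 3 independent (new)
        END {
            if (dep)        print "l3-dependent"
            else if (indep) print "l3-independent"
            else            print "none"
        }'
}

# Classify from a kernel config file, e.g. /boot/config-$(uname -r).
# Symbol names are an assumption (see lead-in); this also covers built-in (=y) code.
config_flavor() {
    if grep -Eq '^CONFIG_IP_NF_CONNTRACK_NETLINK=[ym]$' "$1"; then
        echo "l3-dependent"
    elif grep -Eq '^CONFIG_NF_CT_NETLINK=[ym]$' "$1"; then
        echo "l3-independent"
    else
        echo "none"
    fi
}

# Sample input: the two insmod lines quoted in the question above.
sample_modprobe_output() {
    cat <<'EOF'
insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/ipv4/netfilter/nf_nat.ko
insmod /lib/modules/2.6.23.8-63.fc8/kernel/net/netfilter/nf_conntrack_netlink.ko
EOF
}

# Classify the sample; on a live system use: conntrack_flavor < /proc/modules
sample_modprobe_output | resolved_modules | conntrack_flavor
```

A result of `l3-independent` corresponds to the case the HOWTO excerpt describes as not yet supported by l7-filter.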
