For the record, here's the response from the mid-atlantic linux list that I need to check out: I should preface this by saying the experience I have with either Woody or DEC Alpha's is only slightly above none. I've got even less for apt-get & endoshield (I just write my scripts by hand). However, I do know that Netfilter -- because it's part of the kernel -- can not be updated via any sort of patch or update program (e.g. RPM or, as I understand it, apt-get.) You have to get the source & recompile your kernel to update Netfilter (the hooks in the kernel) & you'll also want to update iptables (the userland command.) Judging by your error, which mentions iptables v1.2.6a, it looks like your Netfilter/iptables needs updating (1.2.7a is current -- take a look at www.netfilter.org, they've also got some great how-to's there.) Also note that you can end up with multiple versions of iptables on the same box -- watch where you put it, and make sure to use the right one for the kernel you boot. [That one cost me a little hair first time around...] Toby Fisher writes: > From: Toby Fisher <toby at tjfisher.co.uk> > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 2 Dec 2002, Janina Sajka wrote: > > > I'm trying to setup some firewalling rules using the endoshield script. > > This is on a DEC Alpha running Debian Woody with the 2.4.20 kernel. I'm > > fully updated based on apt-get. > > > > When I run the script I get: > > > > /lib/modules/2.4.20/kernel/net/ipv4/netfilter/ip_tables.o: insmod > > ip_tables failed > > iptables v1.2.6a: can't initialize iptables table `filter': iptables > > who? (do you need to insmod?) > > > > This happens whatever I do to /etc/init.d/iptables. -- halt, stop, > > start, etc. Actually, "start" doesn't work, complains about an "unknown > > rule set." > > > > If I try to modprobe ip_tables, I get the same error. If I try rmmod, > > I'm told it isn't loaded, and indeed, it doesn't show with lsmod. > > > > Sounds like you've got iptables compiled straight into the kernel, just > edit the script and comment out the lines that try to load the iptables > module. This is done so that people can have a system using either > iptables or ipchains. I had a similar problem, but a few comments in the > right places means that it now runs error-free. > > HTH > > - -- > Toby Fisher Email: toby at tjfisher.co.uk > Tel.: +44(0)1480 417272 Mobile: +44(0)7974 363239 > ICQ: #61744808 > Please avoid sending me Word or PowerPoint attachments. > See http://www.fsf.org/philosophy/no-word-attachments.html > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ > > iD8DBQE97M44Kl9qIwuqk+IRAvsFAJ0UXng36bRZtlxWaZOCDZnoM/uwmACfWbqj > rwl+O97Ri83j8XfWzKFXVTg= > =5ubM > -----END PGP SIGNATURE----- > > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup -- Janina Sajka, Director Technology Research and Development Governmental Relations Group American Foundation for the Blind (AFB) Email: janina at afb.net Phone: (202) 408-8175
