Ray, et al -- ...and then Ray Leach said... % % On Thu, 2003-05-29 at 05:56, David T-G wrote: ... % > What is it? From where does (er, should) it come? % > % It's a netfilter module, and it comes from the iptables distribution The module part I had guessed, but I couldn't find it. % (also in the 2.4 kernel distro). You get it by compiling and installing % the iptables distro, or selecting match support in the netfilter kernel % config section and compiling the kernel. Ahhh... So it *was* there before, and I *didn't* botch the typing as I was tweaking the script! Very interesting. 1) I originally tried doing the firewall config for this machine via SuSEfirewall2 before giving up and going directly to iptables. After getting things tested, we rebuilt the server from scratch to ensure that my installation script would work -- and got to this problem. Would fw2 have added the match module and possible kernel tweaks, or did my client install a different kernel when he rebuilt this time? 2) What, if anything is the difference between iptables -t filter -A INPUT -i EXTT -m match NEW,RELATED,ESTABLISHED -j ACCEPT (the original, which throws the error) and iptables -t filter -A INPUT -i EXTT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT (the current, which seems to work)? TIA & HAND :-D -- David T-G * There is too much animal courage in (play) davidtg@xxxxxxxxxxxxxxx * society and not sufficient moral courage. (work) davidtgwork@xxxxxxxxxxxxxxx -- Mary Baker Eddy, "Science and Health" http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
Attachment:
pgp00463.pgp
Description: PGP signature
