(Thanks, Joseph.:-) So I obtained the iptables-1.2.9 source package and compiled it. On 'make install', however I found libipt_recent.so was NOT placed into the loadable modules directory...! I don't know if that has something to do with its being a RedHat system, or if it's something omitted from iptables' own config or Makefile. Either way -- I moved it there manually, and things appear to be working as intended, now. :-) Thanks kindly to the several folks who offered thoughts and assistance on this. I'll come back in a separate message with a question about using either '--limit' or '-m recent' to address SYN floods. -- Jeff -- On Thu, Jun 03, 2004 at 09:52:26AM +0200, Jozsef Kadlecsik wrote: > On Wed, 2 Jun 2004, Jeff Gordon wrote: > > > > Jeff Gordon wrote: > > > > I'm running a RH ES 3 system, and it appears _support_ for ipt_recent > > > > is included in the kernel but libipt_recent.so is nowhere to be found. > > > > Kernel source for the prebuilt kernel in the distribution is available. > > > > > > In general, if a kernel feature is built into the kernel there is no > > > appropriate module file. Because the functionality is in the kernel. > > > > - If I do 'modprobe ipt_recent' and then 'lsmod |grep ip', > > I see 'ipt_recent' at the top of listing. > > > > - However, if I then add a rule with '-m recent' in it, > > iptables complains it can't find libipt_recent.so. > > That's the iptables shared library for recent match, which is missing from > your systems. In other words the iptables binary lacks the recent match > support and thus you cannot use the feature available in the kernel. > > Best regards, > Jozsef > - > E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx > PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt > Address : KFKI Research Institute for Particle and Nuclear Physics > H-1525 Budapest 114, POB. 49, Hungary > > > -- -- Jeff -- <http://www.wellnow.com> "There's nothing left in the world to prove. All that's worth doing is to love one another, using whatever means are available to serve."
