Jozsef Kadlecsik wrote:
> On Sun, 10 Sep 2006, Mike Wright wrote:
>
>> Trying to create a set:
>> "ipset -N TEST iphash" fails with:
>> ipset v2.2.9: Error from kernel: Protocol not available
>
> The ipset binary isn't smart enough to autoload the ip_set kernel module,
> you need to load it manually (or via /etc/modules at system boot time):
>
> # modprobe ip_set
>
Thanks Jozsef. (Sorry for private reply. Meant to reply to the list.)

That worked. Also had to modprobe ip_set_iphash.

Still can't get iptables to recognize my set. Can't find which step
I've missed. Here's the ipset -L

Name: BADIPS
Type: iphash
References: 0
Default binding:
Header: hashsize: 1024 probes: 8 resize: 50
Members:
3.4.5.6
2.3.4.5
1.2.3.4
Bindings:

...and modules

lsmod |grep ip_set
ip_set_iphash 8164 1
ip_set 20828 2 ip_set_iphash

Now I want to add a rule to iptables.
"iptables -A INPUT -m set --set BADIPS src -j DROP"
But it errs with
"iptables: No chain/target/match by that name"

It seems that iptables does not know about BADIPS? <Grasping />
If anyone knows what is missing I would sure appreciate the help :)

Thanks,
Mike Wright

> Best regards,
> Jozsef