On 12.01.2010 18:34, FiloSottile wrote: > I am running on a OpenVZ box with static unmodifiable kernel. > I have no ipt_state and ipt_connmark but i have xt_state and xt_connmark. > I want to build a simple firewall, but when i run that: > > # iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables: No chain/target/match by that name > > How to use xt_state instead ipt_state? Or there is an alternative way to > build firewall? > Thank you > eris:~# modinfo xt_state filename: /lib/modules/2.6.24-etchnhalf.1-686/kernel/net/netfilter/xt_state.ko license: GPL author: Rusty Russell <rusty@xxxxxxxxxxxxxxx> description: ip[6]_tables connection tracking state match module alias: ipt_state alias: ip6t_state vermagic: 2.6.24-etchnhalf.1-686 SMP mod_unload 686 depends: x_tables,nf_conntrack eris:~# grep -w xt_state /lib/modules/$(uname -r)/modules.alias alias ipt_state xt_state alias ip6t_state xt_state xt_state is the successor of ipt_state. what does modprobe -v xt_state say? uname -a? regards Mart -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
