That is exactly what I did, and it compiled without error. After that
I did KERNEL_DIR=... make install and installed the whole thing.
HOWEVER, it still does not work!
After reboot, when I try 'ipset --version' it tells me it does not
know the kernel version, so I looked at /lib/modules/2.6.16.60/ and
saw that in a directory called 'extra' there were all the ipset
modules sitting. So what I did was modprobe all the .ko files to load them
into memory. lsmod confirmed that they were loaded without errors.
So, hopeful that I had finally cracked it, I executed

    iptables -I blacklist 1 -m set --match-set test dst -j DROP

(I created the treemap called 'test' prior to that) and got this message:

    iptables v1.3.7: Unknown arg `--match-set'
    Try `iptables -h' or 'iptables --help' for more information.

I looked in /usr/lib/iptables/ and there are two additional files,
libipt_set.so and libipt_SET.so, which were installed by the newly
compiled version of iptables, so I don't know why it does not work!

Please ignore the above - it has been a long day and I clearly had too
much on my plate today. IT WORKS! I just got the syntax wrong - in
'older' iptables versions the syntax is not --match-set, but just --set,
and I completely forgot about this.

One more thing - it would be nice if you could update the iptables
1.3.7 section on the ipset installation page to state that both
ip_set.h and ipt_set.h are needed for re-compilation of iptables in
order to make the whole thing work, so that others like me don't bang
their heads against the wall in the future.