Hi we seem to be having the following issue with the geoip match from
xtables_addons any input appreciated.
testing rule...
~ # iptables -A INPUT -p udp --dport 53 -m geoip --src-cc ES -j LOG
--log-prefix 'ES DNS: '
iptables: No chain/target/match by that name.
~ # uname -r
2.6.34-xen-r4
~ # iptables -V
iptables v1.4.8
loaded modules:
~ # lsmod | sort
af_key 27908 0
ah4 5056 0
authenc 6410 4
button 4570 0
cast5 14733 0
cls_u32 6427 1
deflate 1879 0
ebtable_nat 1545 0
ebtables 23279 1 ebtable_nat
ecb 1873 0
esp4 4901 4
hwmon 1449 1 thermal_sys
i2c_i801 8022 0
ip6table_filter 1115 0
ip6_tables 17726 1 ip6table_filter
ipcomp 1860 0
ip_gre 13377 0
iptable_filter 1176 1
iptable_mangle 1304 1
iptable_nat 3822 1
iptable_raw 1039 0
ip_tables 16502 4
iptable_mangle,iptable_nat,iptable_raw,iptable_filter
ipt_addrtype 1849 0
ipt_LOG 5067 9
ipt_REJECT 2177 19
ipv6 280711 73 xfrm6_mode_tunnel,sit
iscsi_trgt 75966 4
Module Size Used by
nf_conntrack 52639 7
iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state,xt_conntrack,xt_CONNMARK,xt_connmark
nf_conntrack_ipv4 10555 5 iptable_nat,nf_nat
nf_defrag_ipv4 1107 1 nf_conntrack_ipv4
nf_nat 14991 1 iptable_nat
nfsd 285062 11
processor 21219 0
rtc_cmos 9118 0
rtc_core 12965 1 rtc_cmos
rtc_lib 1698 1 rtc_core
sch_htb 13997 1
sch_sfq 5359 3
sg 17944 0
sha1_generic 1999 4
sit 8853 0
thermal 11807 0
thermal_sys 13414 2 thermal,processor
tunnel4 2101 2 sit,xfrm4_tunnel
xfrm4_mode_tunnel 1696 8
xfrm4_tunnel 1657 0
xfrm6_mode_tunnel 1600 4
xfrm_ipcomp 3623 1 ipcomp
xfrm_user 22465 2
x_tables 14390 27
xt_geoip,ip6table_filter,ip6_tables,ebtables,iptable_mangle,iptable_nat,iptable_raw,ipt_REJECT,ipt_LOG,xt_state,xt_tcpudp,iptable_filter,ipt_addrtype,xt_DSCP,xt_dscp,xt_string,xt_owner,xt_NFQUEUE,xt_multiport,xt_MARK,xt_mark,xt_iprange,xt_hashlimit,xt_conntrack,xt_CONNMARK,xt_connmark,ip_tables
xt_connmark 1107 0
xt_CONNMARK 1267 0
xt_conntrack 2535 0
xt_dscp 1627 0
xt_DSCP 2043 0
xt_geoip 2248 0
xt_hashlimit 9163 0
xt_iprange 1440 0
xt_mark 853 0
xt_MARK 853 0
xt_multiport 2427 0
xt_NFQUEUE 2037 0
xt_owner 1047 0
xt_state 1255 2
xt_string 1323 0
xt_tcpudp 2399 74
zlib_deflate 19852 1 deflate
strace of the above:
strace iptables -A INPUT -p udp --dport 53 -m geoip --src-cc ES -j LOG
--log-prefix 'ES DNS: '
execve("/sbin/iptables", ["iptables", "-A", "INPUT", "-p", "udp",
"--dport", "53", "-m", "geoip", "--src-cc", "ES", "-j", "LOG",
"--log-prefix", "ES DNS: "], [/* 33 vars */]) = 0
brk(0) = 0x6ac000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f50163bc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=148536, ...}) = 0
mmap(NULL, 148536, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5016397000
close(3) = 0
open("/usr/lib/libip4tc.so.0", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000\31\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=26632, ...}) = 0
mmap(NULL, 2121944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f5015f99000
mprotect(0x7f5015f9f000, 2093056, PROT_NONE) = 0
mmap(0x7f501619e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f501619e000
close(3) = 0
open("/usr/lib/libxtables.so.4", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240*\0\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=31168, ...}) = 0
mmap(NULL, 2127872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f5015d91000
mprotect(0x7f5015d98000, 2093056, PROT_NONE) = 0
mmap(0x7f5015f97000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6000) = 0x7f5015f97000
close(3) = 0
open("/lib/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200>\0\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=534648, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f5016396000
mmap(NULL, 2629848, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f5015b0e000
mprotect(0x7f5015b8f000, 2097152, PROT_NONE) = 0
mmap(0x7f5015d8f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x7f5015d8f000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\354"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1412272, ...}) = 0
mmap(NULL, 3520552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f50157b2000
mprotect(0x7f5015905000, 2093056, PROT_NONE) = 0
mmap(0x7f5015b04000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x152000) = 0x7f5015b04000
mmap(0x7f5015b09000, 18472, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5015b09000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\r\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14512, ...}) = 0
mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f50155ae000
mprotect(0x7f50155b0000, 2097152, PROT_NONE) = 0
mmap(0x7f50157b0000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f50157b0000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f5016395000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f5016394000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f5016393000
arch_prctl(ARCH_SET_FS, 0x7f5016394700) = 0
mprotect(0x7f50157b0000, 4096, PROT_READ) = 0
mprotect(0x7f5015b04000, 16384, PROT_READ) = 0
mprotect(0x7f5015d8f000, 4096, PROT_READ) = 0
mprotect(0x7f5015f97000, 4096, PROT_READ) = 0
mprotect(0x7f501619e000, 4096, PROT_READ) = 0
mprotect(0x640000, 4096, PROT_READ) = 0
mprotect(0x7f50163bd000, 4096, PROT_READ) = 0
munmap(0x7f5016397000, 148536) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
open("/proc/sys/kernel/modprobe", O_RDONLY) = 4
brk(0) = 0x6ac000
brk(0x6cd000) = 0x6cd000
read(4, "/sbin/modprobe\n", 1024) = 15
close(4) = 0
vfork() = 9715
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 9715
--- SIGCHLD (Child exited) @ 0 (0) ---
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"connmark\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"CONNMARK\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"conntrack\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26P"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"conntrack\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26P"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"hashlimit\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26P"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"iprange\0t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"mark\0ge\0t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"MARK\0ge\0t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"MARK\0ge\0t\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"multiport\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\370\327\32\26P"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"NFQUEUE\0`\35d\0\36\0\0\0\1\0\0\0\0\0\0\0\0,d\0\0\0", [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"NFQUEUE\0`\35d\0\36\0\0\0\1\0\0\0\0\0\0\0\0,d\0\0\1", [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"owner\0ort\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10K\331\25P\1"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"string\0rt\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10K\331\25P\1"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"tos\0ng\0rt\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10K\331\25P\1"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x43 /* IP_??? */,
"TOS\0ng\0rt\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10K\331\25P\1"..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */,
"addrtype\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10K\331\25P\1"..., [30]) = 0
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=558, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f50163bb000
read(3, "# /etc/nsswitch.conf:\n# $Header:"..., 4096) = 558
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f50163bb000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=148536, ...}) = 0
mmap(NULL, 148536, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5016397000
close(3) = 0
open("/lib64/tls/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat("/lib64/tls/x86_64", 0x7fff41606b20) = -1 ENOENT (No such file or
directory)
open("/lib64/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file
or
directory)
stat("/lib64/tls", 0x7fff41606b20) = -1 ENOENT (No such file or
directory)
open("/lib64/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such
file
or directory)
stat("/lib64/x86_64", 0x7fff41606b20) = -1 ENOENT (No such file or
directory)
open("/lib64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file or
directory)
stat("/lib64", {st_mode=S_IFDIR|0755, st_size=8192, ...}) = 0
open("/usr/lib64/tls/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No
such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fff41606b20) = -1 ENOENT (No such file
or
directory)
open("/usr/lib64/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such
file
or directory)
stat("/usr/lib64/tls", 0x7fff41606b20) = -1 ENOENT (No such file or
directory)
open("/usr/lib64/x86_64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such
file or directory)
stat("/usr/lib64/x86_64", 0x7fff41606b20) = -1 ENOENT (No such file or
directory)
open("/usr/lib64/libnss_db.so.2", O_RDONLY) = -1 ENOENT (No such file
or
directory)
stat("/usr/lib64", {st_mode=S_IFDIR|0755, st_size=73728, ...}) = 0
munmap(0x7f5016397000, 148536) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=148536, ...}) = 0
mmap(NULL, 148536, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5016397000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p!\0\0\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=51528, ...}) = 0
mmap(NULL, 2147728, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f50153a1000
mprotect(0x7f50153ac000, 2097152, PROT_NONE) = 0
mmap(0x7f50155ac000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f50155ac000
close(3) = 0
mprotect(0x7f50155ac000, 4096, PROT_READ) = 0
munmap(0x7f5016397000, 148536) = 0
open("/etc/protocols", O_RDONLY|0x80000) = 3
fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
fstat(3, {st_mode=S_IFREG|0644, st_size=5681, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) =
0x7f50163bb000
read(3, "# /etc/protocols\n#\n# Internet (I"..., 4096) = 4096
close(3) = 0
munmap(0x7f50163bb000, 4096) = 0
open("/lib64/xtables/libxt_geoip.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\r\0\0"...,
832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=10464, ...}) = 0
mmap(NULL, 2105840, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0)
= 0x7f501519e000
mprotect(0x7f50151a0000, 2093056, PROT_NONE) = 0
mmap(0x7f501539f000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f501539f000
close(3) = 0
mprotect(0x7f501539f000, 4096, PROT_READ) = 0
open("/usr/share/xt_geoip/LE/ES.iv0", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=21128, ...}) = 0
read(3, "\0\205\371\25\377\205\371\25\0\0\6.\377\377\6.\0008\20"...,
21128) = 21128
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\351\16^\200\377\377\377\377\1\0\0\0\0\0\0\0"..., [84]) = 0
mmap(NULL, 253952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0)
= 0x7f5016355000
getsockopt(3, SOL_IP, 0x41 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [251024])
= 0
brk(0x6ee000) = 0x6ee000
brk(0x70f000) = 0x70f000
mmap(NULL, 253952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0)
= 0x7f5016317000
brk(0x733000) = 0x733000
setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
"filter\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 251488) =
-1
ENOENT (No such file or directory)
brk(0x72c000) = 0x72c000
munmap(0x7f5016317000, 253952) = 0
close(3) = 0
munmap(0x7f5016355000, 253952) = 0
write(2, "iptables: No chain/target/match "..., 46iptables: No
chain/target/match by that name.
) = 46
exit_group(1)
--
Kindest regards
Paul Freeman,
NOC4 Limited
+44(0)1844 318 410 (Direct)
+44(0)1844 318 124 (Fax)
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
