(Please forgive my top-posting) So, I should set IP_SET=n ? Doesn't the ipset(8) command require support from the kernel? I'm rather confused... Rgds, On 2011-08-05, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > On Friday 2011-08-05 15:49, Pandu Poluan wrote: > >>On Fri, Aug 5, 2011 at 20:41, nowhere <nowhere@xxxxxxxxxxxxxxxx> wrote: >>> В Птн, 05/08/2011 в 20:19 +0700, Pandu Poluan пишет: >>>> I'm having troubles with xtables-addons 1.3.7 on Gentoo. >>>> >>>> I successfully installed xtables-addons (no errors), but all attempts >>>> to create an IP set (e.g., `ipset --create test hash:ip`) resulted in >>>> the following error message: >>>> >>>> FATAL: Error inserting ip_set >>>> (/lib/modules/2.6.39-hardened-r8PANS_GW_BN_02/xtables_addons/ip_set.ko): >>>> Invalid module format >>>> >>>> `insmod` begat an additional information: >>>> >>>> insmod: error inserting >>>> '/lib/modules/2.6.39-hardened-r8PANS_GW_BN_02/xtables_addons/ip_set.ko': >>>> -1 Invalid module format >>>> >>>> `dmesg | tail -1` gave a worrying error: >>>> >>>> [ 4085.271442] ip_set: exports duplicate symbol ip_set_nfnl_put (owned >>>> by kernel) >>>> >>>> What should I do? >>> >>> Do you by any chance have ipset enabled in kernel config or ipset >>> separatedly installed with "modules" use-flag? >>> >> >>Yes, I have ipset enabled in kernel, and no, I don't have ipset >>installed separately. >> >>A kind friend at gentoo-user led me to CONFIG_IP_SET >> >>Apparently xtables-addons hates IP_SET=y >> >>So, I rebuild the kernel with IP_SET=m , and all is well. > > There is no reason to enable ipset in both the kernel and in xt-a. > -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
