* ipset & iptables
@ 2012-02-01 16:32 Rob Sterenborg (lists)
2012-02-01 18:52 ` Jozsef Kadlecsik
0 siblings, 1 reply; 3+ messages in thread
From: Rob Sterenborg (lists) @ 2012-02-01 16:32 UTC (permalink / raw)
To: netfilter
Hello,
I have problems matching an ipset set using iptables. My configuration
is as follows:
# uname -r
2.6.39.1
# iptables -V
iptables v1.4.12.2
# ipset -V
ipset v6.11, protocol version: 6
The following 3 commands are executed immediately after each other:
# ipset create TEST hash:ip
# ipset add TEST 127.0.0.5
# iptables -A INPUT -m set --match-set TEST src
iptables: No chain/target/match by that name.
# lsmod|grep set
ip_set_hash_net 15884 3
ip_set_hash_ip 13584 2
ip_set 19151 2 ip_set_hash_net,ip_set_hash_ip
nfnetlink 3191 2 nf_conntrack_netlink,ip_set
# ipset list TEST
Name: TEST
Type: hash:ip
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8264
References: 0
Members:
127.0.0.5
I don't get it: ipset says the set exists and has a member (if that
matters anything), but iptables doesn't see it. What am I missing?
--
Rob
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ipset & iptables
2012-02-01 16:32 ipset & iptables Rob Sterenborg (lists)
@ 2012-02-01 18:52 ` Jozsef Kadlecsik
2012-02-01 19:31 ` Rob Sterenborg (Lists)
0 siblings, 1 reply; 3+ messages in thread
From: Jozsef Kadlecsik @ 2012-02-01 18:52 UTC (permalink / raw)
To: Rob Sterenborg (lists); +Cc: netfilter
On Wed, 1 Feb 2012, Rob Sterenborg (lists) wrote:
> I have problems matching an ipset set using iptables. My configuration
> is as follows:
>
> # uname -r
> 2.6.39.1
>
> # iptables -V
> iptables v1.4.12.2
>
> # ipset -V
> ipset v6.11, protocol version: 6
>
> The following 3 commands are executed immediately after each other:
>
> # ipset create TEST hash:ip
> # ipset add TEST 127.0.0.5
> # iptables -A INPUT -m set --match-set TEST src
> iptables: No chain/target/match by that name.
>
> # lsmod|grep set
> ip_set_hash_net 15884 3
> ip_set_hash_ip 13584 2
> ip_set 19151 2 ip_set_hash_net,ip_set_hash_ip
> nfnetlink 3191 2 nf_conntrack_netlink,ip_set
You haven't got the "set" match kernel module, I guess
grep CONFIG_NETFILTER_XT_SET /boot/config-2.6.39.1
returns
# CONFIG_NETFILTER_XT_SET is not set
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ipset & iptables
2012-02-01 18:52 ` Jozsef Kadlecsik
@ 2012-02-01 19:31 ` Rob Sterenborg (Lists)
0 siblings, 0 replies; 3+ messages in thread
From: Rob Sterenborg (Lists) @ 2012-02-01 19:31 UTC (permalink / raw)
To: netfilter
On Wed, 2012-02-01 at 19:52 +0100, Jozsef Kadlecsik wrote:
> You haven't got the "set" match kernel module, I guess
>
> grep CONFIG_NETFILTER_XT_SET /boot/config-2.6.39.1
>
> returns
>
> # CONFIG_NETFILTER_XT_SET is not set
Grr.. :-/
Thanks for the reminder!
--
Rob
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-02-01 19:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-02-01 16:32 ipset & iptables Rob Sterenborg (lists)
2012-02-01 18:52 ` Jozsef Kadlecsik
2012-02-01 19:31 ` Rob Sterenborg (Lists)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.