patching iptables - how?

patching iptables - how?

[Mladen Meduric]

Hi all,

just joined the list. 
Pretty new to linux/iptables (on SuSE8.0). I'm trying to patch from 1.2.5
to 1.2.6a and then to 1.2.7a.
Do have all patches. Tried "patch" command, but I seem can't figure it out
properly. Would someone explain how to do this in couple of steps, please?
Also, from reading other articles, after patching up or reinstalling
iptables from scratch, is it necessary to recompile the kernel?

Cheers,
Mladen

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

Re: patching iptables - how?

[Athan]

[-- Attachment #1: Type: text/plain, Size: 1208 bytes --]

On Wed, Jan 08, 2003 at 10:16:16PM +0000, Mladen Meduric wrote:
> Pretty new to linux/iptables (on SuSE8.0). I'm trying to patch from 1.2.5
> to 1.2.6a and then to 1.2.7a.

  It would probably be easier to just grab the tar ball of 1.2.7a:

	http://www.netfilter.org/downloads.html#1.2.7a

> Do have all patches. Tried "patch" command, but I seem can't figure it out
> properly. Would someone explain how to do this in couple of steps, please?
> Also, from reading other articles, after patching up or reinstalling
> iptables from scratch, is it necessary to recompile the kernel?

  Depends what features you're trying to make use of.  What's your
current kernel version (uname -r) ?

  The only thing I've personally found not working on 2.4.20 is ECN
mangle'ing for which you need this patch to the kernel:

	http://www.netfilter.org/documentation/pomlist/pom-pending.html#05_ECN-tcpchecksum-littleendian-fix

HTH,

-Ath
-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

[-- Attachment #2: Type: application/pgp-signature, Size: 240 bytes --]

Re: patching iptables - how?

[Vincent Lim]

Mladen Meduric wrote:
> 
> Hi all,
> 
> just joined the list.
> Pretty new to linux/iptables (on SuSE8.0). I'm trying to patch from 1.2.5
> to 1.2.6a and then to 1.2.7a.

Why not just use 1.2.7a instead?
Anyway, the patch command should be like this:
# cd /path/to/iptables/source
# patch -p1 < /path/to/patch

Do this for all remaining patches.

> Do have all patches. Tried "patch" command, but I seem can't figure it out
> properly. Would someone explain how to do this in couple of steps, please?
> Also, from reading other articles, after patching up or reinstalling
> iptables from scratch, is it necessary to recompile the kernel?

In most cases (AFAIK), no. If you're using the same kernel during the
compilation (of iptables), iptables will reference whatever libraries
that exist for the current kernel. If you decide to switch kernels, you
probably might need to recompile iptables as certain libraries might
have underwent a significant tweak/hack/modification and might render
iptables in-operable.

-- 
Vincent Lim
Software Engineer
NESTAC Solution Sdn Bhd
vincent.lim@nestac.com | +(6012) 659-6609

Re: patching iptables - how?

[Fabrice MARIE]

On Thursday 09 January 2003 06:16, Mladen Meduric wrote:
> Hi all,
> just joined the list.
> Pretty new to linux/iptables (on SuSE8.0). I'm trying to patch from 1.2.5
> to 1.2.6a and then to 1.2.7a.
> Do have all patches. Tried "patch" command, but I seem can't figure it out
> properly. Would someone explain how to do this in couple of steps, please?
> Also, from reading other articles, after patching up or reinstalling
> iptables from scratch, is it necessary to recompile the kernel?

Hello,

If all you want is to apply the patches from patch-o-matic (especially the extensions), you can
have a look at the netfilter-extension-HOWTO:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html
there is a little paragraph explaining how to use p-o-m.
For upgrading your iptables only, see the reply from Athan.

Have a nice day,

Fabrice.
--
Fabrice MARIE

"Silly hacker, root is for administrators"
       -Unknown

Re: patching iptables - how?

[Mladen Meduric]

Whoa!!!

What a list! Thank you all very much!
I thought on just installing 1.2.7a from scratch, but didn't know what
effect would it have on old (1.2.5) version. Do I need to uninstall that
one first? If yes, is it best to use Sytem->Package->uninstall or rpm -u
...

All the best and cheers
Mladen

BTW, kernel is 2.4.18

__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

Re: patching iptables - how?

[Arnt Karlsen]

On Thu, 9 Jan 2003 03:42:50 +0000 (GMT), 
Mladen Meduric <mladen_meduric@yahoo.com> wrote in message 
<20030109034250.51982.qmail@web12706.mail.yahoo.com>:

> Whoa!!!
> 
> What a list! Thank you all very much!
> I thought on just installing 1.2.7a from scratch, but didn't know what
> effect would it have on old (1.2.5) version. Do I need to uninstall
> that one first? If yes, is it best to use Sytem->Package->uninstall or
> rpm -u

..'rpm -e iptables' will do nicely.  ;-)


-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.