[fedora-arm] Fedora-11 Status

Steve Grubb sgrubb at redhat.com
Thu Oct 22 16:09:28 UTC 2009


On Tuesday 06 October 2009 04:45:33 am you wrote:
> > I was wondering if, in the next kernel build, netfilter/iptables can be
> > enabled?
> 
> We do not disable it.
> 
> The kernel build just picks the default Fedora kernel configuration and
>  merges the arch-specific ("config-arm" in our case) exception file. This
>  file hasn't disabled iptables:
>  http://cvs.fedoraproject.org/viewvc/rpms/kernel/devel/config-arm?revision=1.5

OK, I assumed it was not working because:

iptables-restore /etc/sysconfig/iptables
FATAL: Could not load /lib/modules/2.6.30-00000-v2.6.30/modules.dep: No such file or directory
iptables-restore v1.4.3.1: iptables-restore: unable to initialize table 'filter'

Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I traced through the initscript and decided to just try iptables-restore by 
itself. The initscripts really want a loadable module. Anyways, based on your 
comment, I tried setting --modprobe=/bin/true to trick it. No luck. It 
doesn't complain about not being able to load the module anymore, but still 
fails at line 3. The firewall rules are simple:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Running strace, it dies like this:

socket(PF_INET, SOCK_RAW, IPPROTO_RAW)  = 4
getsockopt(4, SOL_IP, 0x40 /* IP_??? */, 0xbeda7ee8, 0xbeda7ee0) = -1 ENOPROTOOPT (Protocol not available)
close(4)                                = 0

-Steve
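
The getsockopt() call from the strace output above, repeated as a small stand-alone probe (an added example, not part of the original message). Option 0x40 on SOL_IP is IPT_SO_GET_INFO, the request iptables uses to look up a table by name; the PROBE_* constants and struct are local copies of the kernel header definitions, and probe_table and explain_probe_errno are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
/* Local copies of values from <linux/netfilter_ipv4/ip_tables.h>. */
#define PROBE_IPT_SO_GET_INFO 64  /* IPT_SO_GET_INFO, the 0x40 in the trace */
#define PROBE_TABLE_NAMELEN   32  /* XT_TABLE_MAXNAMELEN */
#define PROBE_NUMHOOKS        5   /* NF_INET_NUMHOOKS */
struct probe_getinfo {            /* same layout as struct ipt_getinfo */
    char name[PROBE_TABLE_NAMELEN];
    unsigned int valid_hooks;
    unsigned int hook_entry[PROBE_NUMHOOKS], underflow[PROBE_NUMHOOKS];
    unsigned int num_entries, size;
};
/* Hypothetical helper: turn the probe's errno into a diagnosis. */
const char *explain_probe_errno(int err)
{
    switch (err) {
    case 0:           return "table is registered";
    case ENOPROTOOPT: return "kernel has no ip_tables sockopt handler";
    case ENOENT:      return "ip_tables present, table not registered";
    case EPERM:       return "raw socket needs root (CAP_NET_RAW)";
    default:          return "unexpected error";
    }
}

/* Returns 0 if the table exists, otherwise the errno of the failing call. */
int probe_table(const char *table)
{
    struct probe_getinfo info;
    socklen_t len = sizeof(info);
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW), err = 0;
    if (fd < 0)
        return errno;
    memset(&info, 0, sizeof(info));
    strncpy(info.name, table, sizeof(info.name) - 1);  /* stays NUL-terminated */
    if (getsockopt(fd, IPPROTO_IP, PROBE_IPT_SO_GET_INFO, &info, &len) < 0)
        err = errno;                                   /* SOL_IP == IPPROTO_IP */
    close(fd);
    return err;
}

int main(void)
{
    printf("filter: %s\n", explain_probe_errno(probe_table("filter")));
    return 0;
}
```

Run as root on the target board, this separates a kernel without ip_tables support (ENOPROTOOPT) from one where only the filter table is missing (ENOENT).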



