[Avila] iptables: "--match state" doesn't seem to work on stock Avila 0.6 BSP
John Carter
john at rhinosys.com
Wed Apr 19 15:28:49 EDT 2006
I'm trying to set up iptables and everything seems to work except for
"--match state" (or -m state).
Here is the snippet from running my setup script with sh -x:
+ /bin/iptables -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables v1.2.11: Couldn't find match `state'
This same line comes from an iptables startup script that I have used
on a Linux router for a couple of years now.
Earlier in the boot sequence I see:
TCP: Hash tables configured (established 4096 bind 4096)
TCP reno registered
ip_conntrack version 2.4 (512 buckets, 4096 max) - 220 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
TCP bic registered
So I know conntrack is configured in and at least reporting
initialization correctly.
This is happening with the stock zImage that ships with 0.6, although
I have recompiled and I get the same result. The config looks
correct in that conntrack is configured into the kernel.
Has anyone else seen this? Did I just forget to configure something?
Thanks,
John Carter
RhinoSys, Inc.
Gainesville, FL
USA