[Avila] iptables: "--match state" doesn't seem to work on stock Avila 0.6 BSP

Chris Lang chris at unixstudios.net
Wed Apr 19 15:59:02 EDT 2006


Hey John,

In the 0.6 BSP there was only a minimal set of iptables options configured
in, thus the state match was not configured in by default.

In order to enable the state match, it must be enabled in the kernel
configuration. The option is called "Connection state match support", at the
following location:

Location:
      -> Networking
        -> Networking options
          -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
            -> IP: Netfilter Configuration
              -> Connection state match support

	
I hope this help.

Chris Lang
www.unixstudios.net
chris at unixstudios.net

-----Original Message-----
From: John Carter [mailto:john at rhinosys.com] 
Sent: Wednesday, April 19, 2006 12:29 PM
To: avila at lists.unixstudios.net
Subject: [Avila] iptables: "--match state" doesn't seem to work on stock
Avila 0.6 BSP

I'm trying to set up iptables and everything seems to work except for
"--match state" (or -m state).

Here is the snippet from running my setup script with sh -x:

+ /bin/iptables -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables v1.2.11: Couldn't find match `state'

This same line comes from an iptables startup script that I have used on a
Linux router for a couple of years now.

Earlier in the boot sequence I see:

TCP: Hash tables configured (established 4096 bind 4096)
TCP reno registered
ip_conntrack version 2.4 (512 buckets, 4096 max) - 220 bytes per conntrack
ip_tables: (C) 2000-2002 Netfilter core team
TCP bic registered

So I know conntrack is configured in and at least reporting initialization
correctly.

This is happening with the stock zImage that ships with 0.6, although I have
recompiled and I get the same result.  The config looks correct in that
conntrack is configured into the kernel.

Has anyone else seen this?  Did I just forget to configure something?

Thanks,

John Carter
RhinoSys, Inc.
Gainesville, FL
USA
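
Added example, not part of the original thread: a POSIX shell check that reads a kernel `.config` and lists which of the options needed by `-m state` are not enabled, covering the case above where conntrack is built in but the state match is not. The `CONFIG_*` symbol names are an assumption (2.4/early-2.6 Kconfig names; the thread gives only the menu entry), and the sample config is constructed.

```shell
#!/bin/sh
# Added example: which kernel options needed by `iptables -m state` are missing?
# Assumed symbol names (2.4/early-2.6 Kconfig); the thread does not list them.
STATE_DEPS="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MATCH_STATE"

# Print y (built in), m (module) or n (unset or absent) for symbol $2 in file $1.
config_value() {
    val=$(sed -n "s/^$2=\([ym]\)[[:space:]]*\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Print the symbols from STATE_DEPS that are not enabled in config file $1.
# Empty output means every dependency is either built in or a module.
missing_state_deps() {
    missing=""
    for sym in $STATE_DEPS; do
        if [ "$(config_value "$1" "$sym")" = n ]; then
            missing="${missing:+$missing }$sym"
        fi
    done
    echo "$missing"
}

# Constructed sample: conntrack and ip_tables built in, state match left out,
# which is consistent with the boot messages and the iptables error quoted above.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_FILTER=y
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
echo "missing: $(missing_state_deps "$cfg")"
rm -f "$cfg"
```

Pointing `missing_state_deps` at the `.config` used to build the zImage, before flashing it, shows whether the rebuild actually picked up the option.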
