Tue, 08 June 2010 11:56
Registered: May 2010
I've been working on my firewall today and have run into an interesting little hitch trying to block broadcast packets using the 'pkttype' module.
# iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
iptables: No chain/target/match by that name.
Now, I've tried several other NON-VIRTUAL Gentoo systems running 2.6.30 or later, with a more recent version of iptables, and this rule executes without error.
I've checked man, the pkttype module is in the documentation, and it doesn't seem to be a syntax problem (if anyone knows, please post!), and it's not possible to load the "xt_pkttype" iptables module. I've been trying to figure out exactly what the problem is; this is what I've come up with so far:
- the "xt_pkttype" module is not enabled in the kernel config.
- the "xt_pkttype" module was not fully implemented in that kernel version.
Out of habit, iptables was one of the first things I installed when I first got the virtual Gentoo box. As a result, my iptables command sets are likely clobbered. After speaking with a contact, the default for this kernel version is net-firewall/iptables-18.104.22.168. I've rolled the version back, but still no joy.
Since Gentoo is a source distribution, and not binary, you can upgrade the iptables version to take advantage of new features and squashed bugs, but in this case, since the iptables modules are built into the kernel itself, no upgrades are possible.
Is there any possibility of getting a Gentoo kernel with the iptables sources built as modules and not right into the kernel binary?
[Updated on: Tue, 08 June 2010 14:05]
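The two candidate causes listed in the post (option not enabled in the kernel config, or the match not usable in that kernel) can be told apart without guessing. The "No chain/target/match by that name" message is the kernel refusing the rule because no match called pkttype is registered with it; a missing userspace extension (libxt_pkttype.so) produces a different error, "Couldn't load match `pkttype'". The script below is an added diagnostic, not code from the post or from the iptables or Gentoo projects. It assumes a Linux host with iptables installed, the real config option name CONFIG_NETFILTER_XT_MATCH_PKTTYPE, the real module name xt_pkttype, and the kernel's list of registered IPv4 matches in /proc/net/ip_tables_matches; the config-file locations it probes (/proc/config.gz, /boot/config-$(uname -r), /usr/src/linux/.config) are the usual ones on Gentoo but are assumptions. The two parsing helpers take a file path so they can be exercised against constructed files.

```shell
#!/bin/sh
# Added diagnostic for a failing `iptables -m pkttype` rule (not from the original post).
# Three things have to line up: the kernel config option CONFIG_NETFILTER_XT_MATCH_PKTTYPE
# (built-in "y", module "m", or off), the match actually being registered in the running
# kernel (listed in /proc/net/ip_tables_matches), and the userspace extension that
# iptables needs to parse --pkt-type (libxt_pkttype.so).

# Print "y", "m" or "n" for CONFIG_NETFILTER_XT_MATCH_PKTTYPE in a kernel config file.
# A .gz path (e.g. /proc/config.gz) is decompressed first; a missing or unreadable
# file, or one without the option, is reported as "n".
pkttype_config_state() {
    cfg="$1"
    pattern='^(# )?CONFIG_NETFILTER_XT_MATCH_PKTTYPE[ =]'
    case "$cfg" in
        *.gz) line=$(gzip -dc "$cfg" 2>/dev/null | grep -E "$pattern" || true) ;;
        *)    line=$(grep -E "$pattern" "$cfg" 2>/dev/null || true) ;;
    esac
    case "$line" in
        *=y) echo y ;;
        *=m) echo m ;;
        *)   echo n ;;
    esac
}

# Succeed (exit 0) if the kernel has registered the pkttype match. The kernel lists
# registered IPv4 matches one per line in /proc/net/ip_tables_matches; the path can be
# overridden so the check can run against a constructed file.
pkttype_registered() {
    matches="${1:-/proc/net/ip_tables_matches}"
    if [ -r "$matches" ] && grep -qx pkttype "$matches"; then
        return 0
    fi
    return 1
}

# Live diagnosis of the running system: prints one line per check.
diagnose_pkttype() {
    rel=$(uname -r)
    # Assumed config locations: /proc/config.gz (CONFIG_IKCONFIG_PROC), the /boot copy,
    # and the Gentoo /usr/src/linux symlink.
    for cfg in /proc/config.gz "/boot/config-$rel" /usr/src/linux/.config; do
        if [ -r "$cfg" ]; then
            echo "kernel config $cfg: CONFIG_NETFILTER_XT_MATCH_PKTTYPE=$(pkttype_config_state "$cfg")"
            break
        fi
    done
    if [ -f "/lib/modules/$rel/kernel/net/netfilter/xt_pkttype.ko" ]; then
        echo "xt_pkttype.ko is installed for $rel; try: modprobe xt_pkttype"
    else
        echo "no xt_pkttype.ko under /lib/modules/$rel (either built-in or not built at all)"
    fi
    if pkttype_registered; then
        echo "kernel has registered the pkttype match (the rule should load)"
    else
        echo "pkttype match is NOT registered: the kernel will answer 'No chain/target/match by that name'"
    fi
    # Userspace side: `iptables -m pkttype -h` only succeeds if libxt_pkttype.so loads.
    if iptables -m pkttype -h >/dev/null 2>&1; then
        echo "iptables userspace can load the pkttype extension"
    else
        echo "iptables could not load libxt_pkttype.so (check the net-firewall/iptables build)"
    fi
}

# Run the live diagnosis only when asked, so the helpers can be sourced or tested alone.
case "${1:-}" in
    --run) diagnose_pkttype ;;
esac
```

Run it as `sh pkttype-check.sh --run` on the affected box. If the config line says "y" but the match is not registered, the kernel was not built from that config (a rebuilt kernel without reinstall is the usual cause on Gentoo); if it says "m", a plain `modprobe xt_pkttype` should fix the rule; if it says "n", the option has to be enabled under Networking support, Networking options, Network packet filtering framework, Core Netfilter Configuration ("pkttype" packet type match support) and the kernel rebuilt.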