Re: iptables with no module support?

To: David Ramsden <david@hexstream.eu.org>
Cc: debian-security@lists.debian.org
Subject: Re: iptables with no module support?
From: David Kyle Sayre <dks@lanl.gov>
Date: Wed, 23 Apr 2003 10:31:47 -0600
Message-id: <[🔎] 3EA6BFF3.9000307@lanl.gov>
In-reply-to: <[🔎] 20030423141703.GA19250@server-01.lan.hexstream.eu.org>
References: <[🔎] 20030423141703.GA19250@server-01.lan.hexstream.eu.org>

The trick is in the kernel build. When you do a make menuconfig (or yourfavorite config), you neet to go under network options, and enablenetwork packet filtering, socket filtering, and and any options you wantunder Netfilter Configuration (iptables support for example). Then saveand rebuild your kernel. I use this at home, and it works like a charm.


Hope this is helpful,
David Sayre

David Ramsden wrote:

Hi,

I'm building a 'secure' server.
I downloaded the 2.4.20 kernel source from kernel.org and patched with
grsecurity (latest patch).
I also disabled loadable modules or any module support in the kernel for
added security - So everything is compiled in to the kernel.

However, iptables won't work, saying it can't initialise iptables table
'filter' and saying "do you need to insmod?".
So does iptables require module support? I don't want to use modules
though! :-)
Surely the Netfilter people would have thought of this?

I can't find an option to allow ipchains compatibility either - Does
this no longer exist?

So any workarounds, fixes etc. etc. would be most welcome.

Thanks and regards,
David.

Reply to:

References:
- iptables with no module support?
  - From: David Ramsden <david@hexstream.eu.org>

Prev by Date: Re: DSA-288 - a question
Next by Date: Re: iptables with no module support?
Previous by thread: iptables with no module support?
Next by thread: Re: iptables with no module support?
Index(es):
- Date
- Thread