Missing ipt_LOG.o for Firewall Logging in 3.0
Morgan Doocy
yellowdog-general@lists.terrasoftsolutions.com
Fri May 9 06:17:01 2003
I just started setting up the firewall on my YDL 3.0 machine, by
adapting the ruleset from my RH 9.0 box. This in turn was adapted from
the "stronger" ruleset example in the IP Masquerading HOWTO:
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER
Included in these rulesets is a chain called "drop-and-log-it" which,
as one might suspect, drops an unwelcome packet and logs the request in
syslog. It looks like this (I've shortened it to "drop-log"):
# Create DROP chain
$IPTABLES -N drop-log
$IPTABLES -A drop-log -j LOG --log-level info
$IPTABLES -A drop-log -j DROP
I started with a bare-bones version of the adapted script (all rules
set to DROP), to make sure it was working properly before I started
customizing it, and running the script produced the following error in
syslog:
May 9 03:16:44 benvolio modprobe: modprobe: Can't locate module ipt_LOG
A subsequent 'nmap -sT' of the box confirmed that it was not logging
dropped packets, as nothing further showed up in syslog.
I double-checked the modules I had removed from the RH script, and made
sure I didn't need them (they were all for masquerading and
forwarding), and then went to locate the module on my RH machine:
[root@escalus root]# lsmod | grep ipt_LOG
ipt_LOG 4088 1 (autoclean)
ip_tables 14488 8 [iptable_nat ipt_LOG ipt_limit ipt_state ipt_REJECT iptable_filter]
[root@escalus root]# locate ipt_LOG
/usr/include/linux/netfilter_ipv4/ipt_LOG.h
/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_LOG.o
/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
/lib/iptables/libipt_LOG.so
[root@escalus root]# rpm -q --whatprovides /lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
kernel-2.4.20-9
[root@escalus root]#
(Note that I've already updated the kernel on the RH 9 box, which is
why there are -8 and -9 versions.)
Then over to my YDL box:
[root@benvolio root]# rpm -q -l kernel | grep LOG
/lib/modules/2.4.20-8d/kernel/net/ipv6/netfilter/ip6t_LOG.o
[root@benvolio root]#
I compared this to what RH provides:
[root@escalus root]# rpm -q -l kernel | grep LOG
/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_LOG.o
/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_ULOG.o
/lib/modules/2.4.20-8/kernel/net/ipv6/netfilter/ip6t_LOG.o
/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_ULOG.o
/lib/modules/2.4.20-9/kernel/net/ipv6/netfilter/ip6t_LOG.o
[root@escalus root]#
Obviously, YDL 3.0 includes the logging module for ip6tables, but not
for iptables, which I need.
Google found me a slightly older release (from 2.3) which contains the
file I'm looking for:
http://rpmfind.net/linux/RPM/yellowdog/1.0/yellowdog-2.3/ppc/YellowDog/ppc/kernel-ans-2.4.19-4a.ppc.html
...so I suppose I could just extract it from that package. But I'd like
to be sure the most current one isn't available before I do that. There
probably wouldn't be any problems with the older one, but I'd like to
keep it clean. So anyone know where I can get the current version?
It seems odd that the module for ipv6 would be included, but the ipv4
one excluded. Perhaps it was unintentional?
Cheers,
Morgan
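An added example, not part of Morgan's post or the HOWTO script: a small shell helper that checks the running kernel's module tree for ipt_LOG before emitting the drop-log chain, so a missing LOG target is reported instead of packets being dropped with no syslog trace. The MODULES_ROOT, KVER and IPTABLES variables, the rate limit values and the log prefix are the example's own choices; the limit match it uses is the ipt_limit module that appears in the lsmod output above.

```shell
#!/bin/sh
# Added example (not from the original post). Checks for the ipt_LOG
# kernel module before building the drop-log chain, and rate-limits the
# LOG rule so a port scan cannot flood syslog.

# MODULES_ROOT and KVER are overridable so the check can be run against
# a constructed module tree instead of the live /lib/modules.
MODULES_ROOT="${MODULES_ROOT:-/lib/modules}"
KVER="${KVER:-$(uname -r)}"

# Return 0 if an ipt_LOG object (.o on 2.4 kernels, .ko or compressed
# .ko on later kernels) exists under the kernel's ipv4 netfilter
# directory, else 1.  Note the ipv6 ip6t_LOG.o does not count.
have_ipt_log() {
    dir="$MODULES_ROOT/$KVER/kernel/net/ipv4/netfilter"
    for f in "$dir/ipt_LOG.o" "$dir/ipt_LOG.ko" \
             "$dir/ipt_LOG.ko.gz" "$dir/ipt_LOG.ko.xz"; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# Print the iptables commands for the drop-log chain.  When ipt_LOG is
# present the LOG rule is added with a limit match (ipt_limit) and a
# prefix so dropped packets are easy to grep in syslog; when it is
# absent the chain only drops and a warning goes to stderr.
drop_log_rules() {
    ipt="${IPTABLES:-iptables}"
    echo "$ipt -N drop-log"
    if have_ipt_log; then
        echo "$ipt -A drop-log -m limit --limit 5/min --limit-burst 10" \
             "-j LOG --log-level info --log-prefix \"drop-log: \""
    else
        echo "WARNING: ipt_LOG not found under $MODULES_ROOT/$KVER;" \
             "drop-log chain will drop without logging" >&2
    fi
    echo "$ipt -A drop-log -j DROP"
}
```

To apply the generated rules as root, run `drop_log_rules | sh` after sourcing the file; running it unprivileged only prints the commands.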