Missing ipt_LOG.o for Firewall Logging in 3.0

Morgan Doocy yellowdog-general@lists.terrasoftsolutions.com
Fri May 9 06:17:01 2003


I just started setting up the firewall on my YDL 3.0 machine, by  
adapting the ruleset from my RH 9.0 box. This in turn was adapted from  
the "stronger" ruleset example in the IP Masquerading HOWTO:

http://tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html#RC.FIREWALL-2.4.X-STRONGER

Included in these rulesets is a chain called "drop-and-log-it" which,
as one might suspect, drops an unwelcome packet and logs the request in
syslog. It looks like this (I've shortened it to "drop-log"):

	# Create DROP chain
	$IPTABLES -N drop-log
	$IPTABLES -A drop-log -j LOG --log-level info
	$IPTABLES -A drop-log -j DROP

I started with a bare-bones version of the adapted script (all rules  
set to DROP), to make sure it was working properly before I started  
customizing it, and running the script produced the following error in  
syslog:

	May  9 03:16:44 benvolio modprobe: modprobe: Can't locate module ipt_LOG

A subsequent 'nmap -sT' of the box confirmed that it was not logging  
dropped packets, as nothing further showed up in syslog.

I double-checked the modules I had removed from the RH script, and made  
sure I didn't need them (they were all for masquerading and  
forwarding), and then went to locate the module on my RH machine:

	[root@escalus root]# lsmod | grep ipt_LOG
	ipt_LOG                 4088   1  (autoclean)
	ip_tables              14488   8  [iptable_nat ipt_LOG ipt_limit ipt_state ipt_REJECT iptable_filter]
	[root@escalus root]# locate ipt_LOG
	/usr/include/linux/netfilter_ipv4/ipt_LOG.h
	/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_LOG.o
	/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
	/lib/iptables/libipt_LOG.so
	[root@escalus root]# rpm -q --whatprovides /lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
	kernel-2.4.20-9
	[root@escalus root]#

(Note that I've already updated the kernel on the RH 9 box, which is  
why there are -8 and -9 versions.)

Then over to my YDL box:

	[root@benvolio root]# rpm -q -l kernel | grep LOG
	/lib/modules/2.4.20-8d/kernel/net/ipv6/netfilter/ip6t_LOG.o
	[root@benvolio root]#

I compared this to what RH provides:

	[root@escalus root]# rpm -q -l kernel | grep LOG
	/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_LOG.o
	/lib/modules/2.4.20-8/kernel/net/ipv4/netfilter/ipt_ULOG.o
	/lib/modules/2.4.20-8/kernel/net/ipv6/netfilter/ip6t_LOG.o
	/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_LOG.o
	/lib/modules/2.4.20-9/kernel/net/ipv4/netfilter/ipt_ULOG.o
	/lib/modules/2.4.20-9/kernel/net/ipv6/netfilter/ip6t_LOG.o
	[root@escalus root]#

Obviously, YDL 3.0 includes the logging module for ip6tables, but not  
for iptables, which I need.

Google found me a slightly older release (from 2.3) which contains the  
file I'm looking for:

	http://rpmfind.net/linux/RPM/yellowdog/1.0/yellowdog-2.3/ppc/YellowDog/ppc/kernel-ans-2.4.19-4a.ppc.html

...so I suppose I could just extract it from that package. But I'd like  
to be sure the most current one isn't available before I do that. There  
probably wouldn't be any problems with the older one, but I'd like to  
keep it clean. So anyone know where I can get the current version?

It seems odd that the module for ipv6 would be included, but the ipv4  
one excluded. Perhaps it was unintentional?

Cheers,

Morgan
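
Added example, not part of the original message: the failure described above is silent (the `-j LOG` rule fails to load, the `DROP` rule still works, and nothing is logged), so a firewall script can check for the target's module before loading any rules. The function names are hypothetical, the check assumes the target is built as a loadable module (as on both kernels in the post), and the sample tree is constructed from the paths listed in the post.

```shell
#!/bin/sh
# Added example: preflight check for netfilter target modules before a
# ruleset is loaded. Function names are hypothetical, not from the post.

# find_module MODROOT KVER NAME
# Succeeds if NAME exists as a module file for kernel KVER under MODROOT.
# 2.4 kernels use .o, later kernels .ko (possibly compressed).
find_module() {
    dir="$1/$2/kernel/net"
    [ -d "$dir" ] || return 1
    found=$(find "$dir" -type f \( -name "$3.o" -o -name "$3.ko" -o -name "$3.ko.*" \) | head -n 1)
    [ -n "$found" ]
}

# missing_modules MODROOT KVER NAME...
# Prints the space-separated names that have no module file.
missing_modules() {
    root="$1"; kver="$2"; shift 2
    missing=""
    for m in "$@"; do
        find_module "$root" "$kver" "$m" || missing="${missing:+$missing }$m"
    done
    printf '%s\n' "$missing"
}

# build_sample_tree DIR
# Constructed sample: recreates the two module layouts listed in the post
# (YDL 2.4.20-8d with only ip6t_LOG.o, RH 2.4.20-9 with all three).
build_sample_tree() {
    ydl="$1/2.4.20-8d/kernel/net"
    rh="$1/2.4.20-9/kernel/net"
    mkdir -p "$ydl/ipv6/netfilter" "$rh/ipv4/netfilter" "$rh/ipv6/netfilter"
    : > "$ydl/ipv6/netfilter/ip6t_LOG.o"
    : > "$rh/ipv4/netfilter/ipt_LOG.o"
    : > "$rh/ipv4/netfilter/ipt_ULOG.o"
    : > "$rh/ipv6/netfilter/ip6t_LOG.o"
}

# Typical use at the top of a firewall script (real module tree):
#   m=$(missing_modules /lib/modules "$(uname -r)" ipt_LOG)
#   [ -z "$m" ] || { echo "refusing to load rules, missing: $m" >&2; exit 1; }
```

Aborting before the first rule is loaded keeps a box from running a drop-only ruleset that its operator believes is also logging.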