After upgrading to the Gentoo sources 2.4.22 kernel from the 2.4.20 series, I'm having trouble restoring my iptables configuration (yes, I did try re-emerging iptables). A bit of digging revealed that the port-scan detection option had been removed from menuconfig (it ought to be under Networking options / Netfilter configuration). Furthermore, re-emerging iptables seems to have made the port-scan module (/lib/iptables/libipt_psd.so) disappear.

Reproducible: Always

Steps to Reproduce:
After upgrading to a 2.4.22 kernel and re-emerging iptables, try adding a rule with port-scan detection to iptables, or just try asking for help on it: "iptables -m psd --help".

Actual Results:
iptables v1.2.8: Couldn't load match `psd':/lib/iptables/libipt_psd.so: cannot open shared object file: No such file or directory

The port-scan detector is one of "base" iptable add-on modules. I believe that supporting these modules requires patching the kernel (see http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html).

Along with libipt_psd.so, re-emerging iptables also removed:
libipt_time.so
libipt_random.so
libipt_quota.so
libipt_pool.so
libipt_nth.so
libipt_mport.so
libipt_ipv4options.so
libipt_fuzzy.so
libipt_POOL.so
libipt_NETMAP.so
libipt_IPV4OPTSSTRIP.so
Try re-emerging iptables.
Already did, as I've noted above. I really do think the problem is that the kernel is missing the patches for some of the iptables modules. The patch pack for 2.4.20 has the iptables psd patch (718_iptables-psd in patches-2.4.20-gentoo-r5.tar.bz2) as well as several other iptables patches that aren't in the 2.4.22 patch pack.
2.4.22 is missing most of the external iptables stuff. It isn't a problem with your system.