Summary: | net-firewall/iptables - USE="extensions" does not enable IMQ | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Edward Smith <gentoo> |
Component: | New packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Edward Smith
2005-07-02 21:09:07 UTC
I'd wager that you don't have a kernel source in place that supports IMQ. Go and look at your build logs. For iptables there is a message like this: === * WARNING: 3rd party extensions has been enabled. * This means that iptables will use your currently installed * kernel in /usr/src/linux as headers for iptables. * * You may have to patch your kernel to allow iptables to build. * Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches * for your kernel. * * For layer 7 support emerge net-misc/l7-filter-1.2 before this * Determining the location of the kernel source code * Found kernel source directory: * /usr/src/linux * Found sources for kernel version: * 2.6.11-mm2 >>> Unpacking source... >>> Unpacking iptables-1.3.1.tar.bz2 to /var/tmp/portage/iptables-1.3.1-r4/work >>> Unpacking netfilter-layer7-v1.2.tar.gz to /var/tmp/portage/iptables-1.3.1- r4/work * Applying install_ipv6_apps.patch.bz2 ... [ ok ] * Applying install_all_dev_files.patch- 1.3.1.bz2 ... [ ok ] * Applying grsecurity-1.2.8-iptables.patch- 1.3.1.bz2 ... [ ok ] * Applying iptables-1.3.1- compilefix.patch ... [ ok ] * Applying iptables-1.3.0- imq1.diff ... [ ok ] * Applying iptables-layer7- 1.2.patch ... [ ok ] [...] Extensions found: IPv4:CLUSTERIP IPv4:IPMARK IPv4:IPV4OPTSSTRIP IPv4:ROUTE IPv4:XOR IPv4:account IPv4:fuzzy IPv4:ipv4options IPv4:nth IPv4:osf IPv4:psd IPv4:quota IPv4:recent IPv4:set IPv4:SET IPv4:time IPv6:ROUTE IPv6:ah IPv6:esp IPv6:frag IPv6:fuzzy IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:rt [...] === This here shows that while the IMQ patch was applied, it was NOT in your kernel sources, and therefore iptables could NOT build it. good enough for me |