I emerged iptables using the extensions USE keyword. Portage reported that the IMQ patches were being applied. However, The following series of commands give the error shown. littlebear ~ # ip link set imq0 up littlebear ~ # tc qdisc add dev imq0 root handle 1: htb default 5000 littlebear ~ # tc class add dev imq0 parent 1: classid 1:5000 htb rate 200 littlebear ~ # iptables -A POSTROUTING -t mangle -o eth0 -j IMQ --todev 0 iptables v1.3.1-20050701: Unknown arg `--todev' Try `iptables -h' or 'iptables --help' for more information. Reproducible: Always Steps to Reproduce: 1.See Details 2. 3. Actual Results: See Details Expected Results: No output would be expected if the iptables command succeded. It could matter that this is running on a VIA Epia 6000CL.
I'd wager that you don't have a kernel source in place that supports IMQ. Go and look at your build logs. For iptables there is a message like this: === * WARNING: 3rd party extensions has been enabled. * This means that iptables will use your currently installed * kernel in /usr/src/linux as headers for iptables. * * You may have to patch your kernel to allow iptables to build. * Please check http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/ for patches * for your kernel. * * For layer 7 support emerge net-misc/l7-filter-1.2 before this * Determining the location of the kernel source code * Found kernel source directory: * /usr/src/linux * Found sources for kernel version: * 2.6.11-mm2 >>> Unpacking source... >>> Unpacking iptables-1.3.1.tar.bz2 to /var/tmp/portage/iptables-1.3.1-r4/work >>> Unpacking netfilter-layer7-v1.2.tar.gz to /var/tmp/portage/iptables-1.3.1- r4/work * Applying install_ipv6_apps.patch.bz2 ... [ ok ] * Applying install_all_dev_files.patch- 1.3.1.bz2 ... [ ok ] * Applying grsecurity-1.2.8-iptables.patch- 1.3.1.bz2 ... [ ok ] * Applying iptables-1.3.1- compilefix.patch ... [ ok ] * Applying iptables-1.3.0- imq1.diff ... [ ok ] * Applying iptables-layer7- 1.2.patch ... [ ok ] [...] Extensions found: IPv4:CLUSTERIP IPv4:IPMARK IPv4:IPV4OPTSSTRIP IPv4:ROUTE IPv4:XOR IPv4:account IPv4:fuzzy IPv4:ipv4options IPv4:nth IPv4:osf IPv4:psd IPv4:quota IPv4:recent IPv4:set IPv4:SET IPv4:time IPv6:ROUTE IPv6:ah IPv6:esp IPv6:frag IPv6:fuzzy IPv6:ipv6header IPv6:nth IPv6:hbh IPv6:dst IPv6:rt [...] === This here shows that while the IMQ patch was applied, it was NOT in your kernel sources, and therefore iptables could NOT build it.
good enough for me
