Re: linux-2.6.24 & iptables/netfilter



Doug Mitton <doug_mitton@xxxxxxxxxxxxx> writes:


It's switched to autoconf too, and it seems you're getting ipv6 like
it or not (no disable switch). I don't think the distros have picked
up on this yet as Google has nothing about 2.6.24/iptables. There's
going to have to be some serious reworking done if people are going to
start using 2.6.24. I really hate when the kernel people change
everything and pull the floor out from under all other
projects...don't they realize a kernel does not an operating system
alone make?

I can't comment on the issue above except to say that I just upgraded
from 2.6.23 to 2.6.24 with no problems regarding iptables at all. I
didn't use the patch, I downloaded the entire source tree. Then I
copied over my old .config and did a `make oldconfig` and selected all
default replies to the differences.

Which iptables did you rebuild with? This was iptables--20080127
(snapshot). Some of the stuff did build, but a good chunk of it
didn't. If it bombed or not would depend on if you tried to compile
the extensions that had trouble. Did you notice if yours did build any
of those that are shown erroring out from my log? Maybe I could have
made a go at it, but I saw a lot of nat/conntrack stuff fail. Like this
one: libxt_conntrack.c. I'd think that would nix any -m conntrack
rules.


I use a lot of Rules and it is working just fine.

I don't see how, with such basic values being redefined, something's
got to break some place. For example:

The system's idea of INADDR_ANY:
/usr/include/netinet/in.h:#define INADDR_ANY ((in_addr_t) 0x00000000)


Redefined in 2.6.24:
/usr/src/linux-2.6.24/include/linux/in.h:#define INADDR_ANY ((unsigned long int) 0x00000000)

There's about 12 such similar issues with all the INADDR_* stuff.


The only issue I'm having with the new kernel is with the new core
scheduler and `dnetc` (Distributed Computing Client) as the default
rules make my system almost unusable when the load goes up to nearly
100%. Still investigating this.

I didn't even boot it. I'd have liked to, as there seemed to be a lot
of new features.


--
[** America, the police state **]
Whoooose! What's that noise? Why, it's US citizens'
rights, going down the toilet with Bush flushing.
http://www.theregister.co.uk/2008/01/27/bush_nsa_internal/
http://www.wired.com/politics/security/news/2007/08/wiretap
http://www.hermes-press.com/police_state.htm
http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597