iptables modules

[mrmagoo]

Hi, I'm using a 2.6.8 kernel & a 2.4.28

 

The two kernels installed netfilter modules at:

/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/

 

The 2.6's are *.ko.gz & 2.4's are *.o.gz

 

There are more in /lib/iptables-mandrake & /lib/iptables-vanilla

/lib/iptables is a symbolic link to /lib/iptables-mandrake

 

These modules are *.so

 

There are many patch-o-matic modules in the mandrake directory...

 

How can I instruct iptables(8) to use these modules instead of the kernel's?

Edited June 28, 2005 by mrmagoo

[devries]

The modules that end in .gz are precompiled modules and come with the mandriva kernel. You mean you have compiled extra iptables modules and you want to use these?

 

If so better is to build a completely new kernel or you would have to delete by hand all the duplicate modules.

[mrmagoo]

Well, /lib/modules/`uname -r`/* are installed by the kernel rpm,

and /lib/iptables-mandrake/* are installed by iptables...

 

My iptables seems to use the ones installed by the kernel, since I can not specify the TTL target with -j:

# /sbin/iptables -t mangle -I PREROUTING -j TTL --ttl-inc 1

iptables: No chain/target/match by that name

 

A module exists for this target in my system:

/lib/iptables-mandrake/libipt_TTL.so

 

It's strange because /sbin/iptables -j TTL -h returns:

TTL target v1.2.9 options

--ttl-set value Set TTL to <value>

--ttl-dec value Decrement TTL by <value>

--ttl-inc value Increment TTL by <value>

 

and when I try to use it, I get the error above "No chain/target/match by that name"

Edited June 28, 2005 by mrmagoo