[PATCH 1/1] UBUNTU: [Jaunty] Change LPIA configuration to compile with

Tue Apr 7 14:53:59 UTC 2009

Sounds sensible to have those options in sync. ACK (maybe change mad64 before 
checkin ;-))

Brad Figg wrote:
> Bug: #355291
> 
> The 'recent' module of iptables is broken on lpia because the kernel is
> compiled without CONFIG_NETFILTER_XT_MATCH_RECENT. This is a regression
> over Intrepid:
> 
> $ grep RECENT ./config-2.6.2*
> ./config-2.6.27-4-lpia:CONFIG_IP_NF_MATCH_RECENT=m
> ./config-2.6.28-11-lpia:# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
> 
> $ cat /proc/version_signature
> Ubuntu 2.6.28-11.40-lpia
> $ sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m
> recent --set
> iptables: No chain/target/match by that name
> 
> Ufw uses this module when using the LIMIT command, which causes the
> firewall to not load on boot due to iptables-restore failing. Ufw users
> are only affected when using LIMIT rules.
> 
> The LPIA configuration was modifified to match the NETFILTER
> configuration for mad64 and i386.
> 
> Signed-off-by: Brad Figg <brad.figg at canonical.com>
> ---
>  debian/config/lpia/config |    7 +++++--
>  1 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/debian/config/lpia/config b/debian/config/lpia/config
> index 35137bb..57f655c 100644
> --- a/debian/config/lpia/config
> +++ b/debian/config/lpia/config
> @@ -1854,7 +1854,7 @@ CONFIG_NETFILTER_ADVANCED=y
>  CONFIG_NETFILTER_NETLINK=m
>  CONFIG_NETFILTER_NETLINK_LOG=m
>  CONFIG_NETFILTER_NETLINK_QUEUE=m
> -# CONFIG_NETFILTER_TPROXY is not set
> +CONFIG_NETFILTER_TPROXY=m
>  CONFIG_NETFILTER_XTABLES=m
>  CONFIG_NETFILTER_XT_MATCH_COMMENT=m
>  CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
> @@ -1879,8 +1879,10 @@ CONFIG_NETFILTER_XT_MATCH_POLICY=m
>  CONFIG_NETFILTER_XT_MATCH_QUOTA=m
>  CONFIG_NETFILTER_XT_MATCH_RATEEST=m
>  CONFIG_NETFILTER_XT_MATCH_REALM=m
> -# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
> +CONFIG_NETFILTER_XT_MATCH_RECENT=m
> +# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
>  CONFIG_NETFILTER_XT_MATCH_SCTP=m
> +CONFIG_NETFILTER_XT_MATCH_SOCKET=m
>  CONFIG_NETFILTER_XT_MATCH_STATE=m
>  CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
>  CONFIG_NETFILTER_XT_MATCH_STRING=m
> @@ -1899,6 +1901,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
>  CONFIG_NETFILTER_XT_TARGET_SECMARK=m
>  CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
>  # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
> +CONFIG_NETFILTER_XT_TARGET_TPROXY=m
>  CONFIG_NETFILTER_XT_TARGET_TRACE=m
>  CONFIG_NETLABEL=y
>  CONFIG_NETPOLL=y

-- 

When all other means of communication fail, try words!