[PATCH 1/1] UBUNTU: [Jaunty] Change LPIA configuration to compile with
Brad Figg
brad.figg at canonical.com
Tue Apr 7 15:23:31 UTC 2009
Stefan Bader wrote:
> Sounds sensible to have those options in sync. ACK (maybe change mad64
> before checkin ;-))
>
> Brad Figg wrote:
>> Bug: #355291
>>
>> The 'recent' module of iptables is broken on lpia because the kernel is
>> compiled without CONFIG_NETFILTER_XT_MATCH_RECENT. This is a regression
>> over Intrepid:
>>
>> $ grep RECENT ./config-2.6.2*
>> ./config-2.6.27-4-lpia:CONFIG_IP_NF_MATCH_RECENT=m
>> ./config-2.6.28-11-lpia:# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
>>
>> $ cat /proc/version_signature
>> Ubuntu 2.6.28-11.40-lpia
>> $ sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m
>> recent --set
>> iptables: No chain/target/match by that name
>>
>> Ufw uses this module when using the LIMIT command, which causes the
>> firewall to not load on boot due to iptables-restore failing. Ufw users
>> are only affected when using LIMIT rules.
>>
>> The LPIA configuration was modified to match the NETFILTER
>> configuration for mad64 and i386.
>>
>> Signed-off-by: Brad Figg <brad.figg at canonical.com>
>> ---
>> debian/config/lpia/config | 7 +++++--
>> 1 files changed, 5 insertions(+), 2 deletions(-)
>>
>> diff --git a/debian/config/lpia/config b/debian/config/lpia/config
>> index 35137bb..57f655c 100644
>> --- a/debian/config/lpia/config
>> +++ b/debian/config/lpia/config
>> @@ -1854,7 +1854,7 @@ CONFIG_NETFILTER_ADVANCED=y
>> CONFIG_NETFILTER_NETLINK=m
>> CONFIG_NETFILTER_NETLINK_LOG=m
>> CONFIG_NETFILTER_NETLINK_QUEUE=m
>> -# CONFIG_NETFILTER_TPROXY is not set
>> +CONFIG_NETFILTER_TPROXY=m
>> CONFIG_NETFILTER_XTABLES=m
>> CONFIG_NETFILTER_XT_MATCH_COMMENT=m
>> CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
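Review bot: The commit message motivates only the RECENT match (Bug #355291), but the first changed line here turns on CONFIG_NETFILTER_TPROXY=m, which is unrelated to the ufw LIMIT failure. The closing sentence about matching the other architectures covers it only implicitly. Either list TPROXY explicitly in the description as a parity change or split it into its own patch, so the regression fix can be reviewed and reverted independently of the feature enablement.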
>> @@ -1879,8 +1879,10 @@ CONFIG_NETFILTER_XT_MATCH_POLICY=m
>> CONFIG_NETFILTER_XT_MATCH_QUOTA=m
>> CONFIG_NETFILTER_XT_MATCH_RATEEST=m
>> CONFIG_NETFILTER_XT_MATCH_REALM=m
>> -# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
>> +CONFIG_NETFILTER_XT_MATCH_RECENT=m
>> +# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
>> CONFIG_NETFILTER_XT_MATCH_SCTP=m
>> +CONFIG_NETFILTER_XT_MATCH_SOCKET=m
>> CONFIG_NETFILTER_XT_MATCH_STATE=m
>> CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
>> CONFIG_NETFILTER_XT_MATCH_STRING=m
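Review bot: The line added directly under CONFIG_NETFILTER_XT_MATCH_RECENT=m leaves CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT unset, and the description does not say whether that is deliberate. Since the change is presented as restoring behaviour that worked on Intrepid (CONFIG_IP_NF_MATCH_RECENT=m), please state in the commit message that this value was copied from the reference configurations and that nothing relying on the Intrepid-era behaviour needs the compat option. CONFIG_NETFILTER_XT_MATCH_SOCKET=m in the same hunk is also outside the scope of the bug and deserves a mention in the description.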
>> @@ -1899,6 +1901,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
>> CONFIG_NETFILTER_XT_TARGET_SECMARK=m
>> CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
>> # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
>> +CONFIG_NETFILTER_XT_TARGET_TPROXY=m
>> CONFIG_NETFILTER_XT_TARGET_TRACE=m
>> CONFIG_NETLABEL=y
>> CONFIG_NETPOLL=y
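Review bot: The context line just above the addition still reads "# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set", while the description says the lpia NETFILTER options now match the other architectures. Please confirm that TCPOPTSTRIP is also unset in the reference configurations, or enable it here, so the parity claim holds for the whole NETFILTER block and not only for the five added lines. Note also that CONFIG_NETFILTER_XT_TARGET_TPROXY=m only makes sense together with the CONFIG_NETFILTER_TPROXY=m change in the first hunk, so the two should stay in the same patch if this is split.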
>
>
Stefan,
Unless I'm missing something, the NETFILTER configuration options
are the same for amd64, i386 and, with this patch, lpia.
Brad
--
Brad Figg brad.figg at canonical.com http://www.canonical.com
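
The parity claim discussed in this thread can be checked mechanically. The script below is an added example, not part of the thread or of the Ubuntu kernel tree: it reports every CONFIG_NETFILTER* option whose value differs between two config files. The function names, file names and the two sample fragments are assumptions, constructed from the options visible in the quoted diff.

```shell
#!/bin/sh
# Added example: report NETFILTER option drift between two kernel config files.

# Reduce a config to sorted "OPTION=value" lines for CONFIG_NETFILTER* only.
# "# CONFIG_FOO is not set" is rewritten as "CONFIG_FOO=n" so it can be compared.
normalise_netfilter() {
    awk '/^# CONFIG_NETFILTER[A-Z0-9_]* is not set$/ { print $2 "=n"; next }
         /^CONFIG_NETFILTER[A-Z0-9_]*=/             { print }' "$1" |
        LC_ALL=C sort -t= -k1,1
}

# Print one line per option that differs; "absent" means the file has no entry.
netfilter_drift() {
    ref=$(mktemp) && cand=$(mktemp) || return 1
    normalise_netfilter "$1" > "$ref"
    normalise_netfilter "$2" > "$cand"
    LC_ALL=C join -t= -a1 -a2 -e absent -o 0,1.2,2.2 "$ref" "$cand" |
        awk -F= '$2 != $3 { printf "%s reference=%s candidate=%s\n", $1, $2, $3 }'
    rm -f "$ref" "$cand"
}

# Constructed sample fragments: a reference config carrying the post-patch
# values, and an lpia fragment as it looked before the patch.
write_samples() {
    cat > "$1/reference.config" <<'EOF'
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETLABEL=y
EOF
    cat > "$1/lpia-before.config" <<'EOF'
# CONFIG_NETFILTER_TPROXY is not set
CONFIG_NETFILTER_XTABLES=m
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETLABEL=y
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
netfilter_drift "$demo_dir/reference.config" "$demo_dir/lpia-before.config"
```

An empty result means the two files agree on every NETFILTER option, which is the condition a firewall front end that depends on a given match module needs before a new architecture config ships.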