
Thread: Iptables - ipset

  1. #1

    Iptables - ipset

    I have a SLES SP3 server that I am attempting to use ipset on.

    I have made a simple testing ipset using the following:

    Code:
    ipset -N sftpext hash:ip

    That works and I am able to add IP addresses to the ipset. However, I can't use the set in an iptables rule:

    Code:
    iptables -A INPUT -m set --match-set sftpext src -j ACCEPT

    I get the following error:

    Code:
    iptables: No chain/target/match by that name

    Any help would be appreciated.

  2. #2

    Re: Iptables - ipset

    Well, I have good news and bad news. The good news is that I can
    duplicate what you have reported trivially. The bad news, of course, is
    that I cannot find a way around it. The error seems to imply that
    NetFilter knows enough about what's going on to try and find an ipset, but
    then it cannot for whatever reason.

    Do you have an earlier version of SLES (11 SP2, or 10 SP-whatever) where
    this works? I've never used this option before so my experience is
    limited to what I've done in the last hour tinkering.

    --
    Good luck.


  3. #3

    Re: Iptables - ipset

    I do not have an earlier version at this time. I am sure that I could get my hands on one though. I did test this at home on my openSUSE machines (I know, not apples to apples, but it is a sanity check of my command syntax) and it worked fine. I will see if I can reproduce it in an older version.

  4. #4

    Re: Iptables - ipset

    I have filed a software defect report on this issue.

  5. #5

    Re: Iptables - ipset

    Originally posted by scottrouseap:
        I have filed a software defect report on this issue.

    What is the defect number, please?

    Thanks
    Hans

  6. #6

    Re: Iptables - ipset

    I don't know what the defect number is. I just filed the report via the web form.

  7. #7

    Re: Iptables - ipset

    Hi Scott,

    Originally posted by scottrouseap:
        I don't know what the defect number is. I just filed the report via the web form.

    I found your report.

    Web-based bug reports are not automatically turned into bugs, but first a service request is created for the team supporting the product the bug report was written for.
    They will need to confirm the bug report is indeed a bug and write the bug once confirmed.

    In your case, this (internal) SR number is 10866573211 and I have assigned it.
    I do have some issues with high priority to work on first, but I will test this ASAP and let you know how this goes.

    Please do ping me directly at "hvdheuvel_at_novell_dot_com" if you have anything to add to this report.

    Thanks
    Hans

  8. #8

    Re: Iptables - ipset

    Thanks, Hans. I appreciate the assistance with this bug.
