Linode Forum Linode Community Forums
Chief_RunningProcess
Joined: 22 Nov 2011
Posts: 3
Posted: Tue Nov 22, 2011 6:04 pm
Post subject: xt_owner/xt_connlimit not working
Hey Guys,
I'm trying to use CSF Firewall on my VPS and am unable to use the check-owner functions of IPTables with the following error:
Code:
# /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for CONNLIMIT feature
Testing ipt_owner/xt_owner...FAILED [Error: iptables: Unknown error 18446744073709551615] - Required for SMTP_BLOCK and UID/GID blocking features
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf will function on this server but some features will not work due to some missing iptables modules [2]
The Kernel I'm running is 3.0.4-x86_64-linode21 on CentOS 5.6
I've checked /proc/config.gz and these modules were apparently built in to the kernel, but for some reason they don't seem to be working and IPTables just throws the "unknown error" which usually means the module isn't loaded.
Hoping someone can help,
Cheers
Chief_RunningProcess
Joined: 22 Nov 2011
Posts: 3
Posted: Tue Nov 22, 2011 9:25 pm
I've fixed this now.
For all interested, the issue lies with the CentOS iptables tools being too old; I built iptables from source and it resolved my issue.
Guspaz
Joined: 26 May 2009
Posts: 1150
Location: Montreal, QC
Posted: Wed Nov 23, 2011 11:04 am
It's not that CentOS' iptables tools are too old, it's that CentOS 5.x is too old. It's a 4+ year old major revision running on a 5+ year old kernel. Heck, 5.6 isn't even the latest 5.x (5.7 is), and 5.x in general is on the verge of going EOL for full updates (Q4 2011).
You would probably have better luck with CentOS 6, which at least is only about a year old (based on the RHEL release date). It's based on 2.6.32, at least, which is only ~2 years old.
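
Added example, not part of the thread and not code from CSF or any poster: a shell sketch of the triage described in the first two posts, separating "the kernel lacks the match" from "the match is built in, so the iptables userland is the suspect". The function names and the sample config are constructed for illustration; the CONFIG_NETFILTER_XT_MATCH_* symbols are the mainline kernel names, and the rule status is assumed to come from whatever test rule you run yourself.

```shell
#!/bin/sh
# Added example: classify a failing iptables match as a kernel-side or a
# userland-side problem, using the kernel config the way the first post did.

# kconfig_state FILE SYMBOL -> prints builtin | module | absent
kconfig_state() {
    case "$(grep -E "^$2=[ym]\$" "$1" | head -n 1)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo absent ;;
    esac
}

# diagnose FILE SYMBOL RULE_STATUS
# RULE_STATUS is the exit status of an iptables test rule that uses the
# match (0 = rule accepted). Prints where to look next.
diagnose() {
    state=$(kconfig_state "$1" "$2")
    if [ "$3" -eq 0 ]; then
        echo "ok"
    elif [ "$state" = absent ]; then
        echo "kernel: match not compiled"
    elif [ "$state" = module ]; then
        echo "kernel: module built, check that it is loaded"
    else
        echo "userland: match is built in, suspect the iptables binary"
    fi
}

# Constructed sample config (not the poster's). On a live system use:
#   zcat /proc/config.gz > "$cfg"
cfg=$(mktemp)
trap 'rm -f "$cfg"' EXIT
cat > "$cfg" <<'EOF'
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_RECENT=m
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
EOF

for sym in OWNER CONNLIMIT RECENT TIME; do
    # Status 1 simulates a rejected test rule, as in the csftest.pl output.
    printf '%-10s %s\n' "$sym" \
        "$(diagnose "$cfg" "CONFIG_NETFILTER_XT_MATCH_$sym" 1)"
done
```

When the result points at userland, `iptables -V` and `uname -r` side by side show how far apart the tool and the kernel are.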