IPTABLES + Xtables-Addons: Missing file?

Support for security such as Firewalls and securing linux
Posts: 3
Joined: 2016/12/22 10:49:26

IPTABLES + Xtables-Addons: Missing file?

Postby wa7qzr » 2017/05/19 08:12:18

Hello. I've an issue with iptables and Xtables-addons xtables-addons-1.47.1.
My system is:
CentOS release 6.9 (Final)
iptables v1.4.7

When trying to start iptables with an geoip rule, such as "$IPTABLES -A INPUT -p tcp -m tcp --match geoip ! --src-cc US", this happens:
"Couldn't load match `geoip':/lib/xtables/libipt_geoip.so: cannot open shared object file: No such file or directory"

From what I could find, it looks like libipt_geoip.so is supposed to be part of iptables, (in spite of the fact it's in the xtables directory), but I can't find it anywhere on the system. I don't really want to recompile the kernel, which is the "help" provided elsewhere on the Internet, seemed to suggest I should do.

The funny thing is, it seems to me this worked a couple of kernel releases back, but I don't have access to my other systems which were configured to use the geoip target to confirm it.

User avatar
Forum Moderator
Posts: 20322
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: IPTABLES + Xtables-Addons: Missing file?

Postby TrevorH » 2017/05/19 08:22:40

We don't ship that portion of iptables on CentOS 6 or 7 and never have.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

Posts: 3
Joined: 2016/12/22 10:49:26

Re: IPTABLES + Xtables-Addons: Missing file?

Postby wa7qzr » 2017/05/19 18:18:30

Yeah. I knew that. I was just hoping someone, who uses Xtables-addons with iptables, would have encountered this problem and discovered a fix for it.

If you don't mind, I'll leave the question up for a few days. If I don't get any helpful responses in the next few days, I'll delete it and toss it into the bit-bucket along with my Google-earth and Firefox issues.

As a note: The only way to make this work, and I'm not sure it's really working working until something violates the rules, is to completely disable selinux.

Abandonment is a terrible thing.