I've noticed that it appears the CentOS 6.2 kernel does not support the xt_recent --reap capability.
It's very strange, as Ubuntu server 10.10 even had it, and that was quite a while ago.
Does anyone know when CentOS is going to get a kernel update to support a modern xt_recent kernel module?
iptables xt_recent kernel module with --reap support
Ubuntu 10.10 changelogs say:
[quote]2010-03-04 - Tim Gardner
iptables (1.4.4-2ubuntu2) lucid; urgency=low
* Added support for the xt_recent filter --reap switch.
This feature should appear in the 1.4.[b]8[/b] upstream release.[/quote]
The iptables of CentOS 6.2 is formally version 1.4.[b]7[/b], and TUV follows its own backport policies.
For comparison, the manpage of Fedora 15 (iptables-1.4.10) does not mention --reap either (F15 is now old though).
Recent Ubuntu [url=https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/887332]bug[/url] claims lack of --reap as well. :lol:
We do know that CentOS does get kernel feature updates if and when TUV does so.
Re: iptables xt_recent kernel module with --reap support
Thanks for the quick response!
Just an FYI: Ubuntu server 10.10 has iptables 1.4.4, and --reap works. Ubuntu server 11.10 has iptables 1.4.10, and --reap works. I use both of those distributions for game servers, and want to switch them to CentOS 6.2.
However, the iptables rules I use to protect some of the older q3-protocol Linux servers just flat out won't work with CentOS 6.2. Not having the --reap option breaks retirement in dynamic whitelisting of players.
CentOS 6.2 is newer (12.11) than either of those distributions. It's just frustrating to be using a feature that's been in Ubuntu so long and find out that it's not in the latest release of CentOS.
I even recompiled and installed the latest iptables (1.4.13) from www.netfilter.org. The end result was that iptables no longer barked about the --reap option, but it just didn't work. It wasn't until I did some further digging that I realized that it has to be in the xt_recent kernel module too, and that all I did was make the iptables program not complain about a feature not there.
I guess the only thing to do is to try to rebuild the xt_recent kernel module myself to get --reap? I really would like to use CentOS 6.2 instead of Ubuntu Server, but at this point I just can't.
Thanks,
Boyd
Re: iptables xt_recent kernel module with --reap support
The ELRepo has a kernel-ml repo that has updated mainline kernel packages for CentOS 6 that may contain this.
Re: iptables xt_recent kernel module with --reap support
Thanks Trevor, I'll check it out (pun intended).
:-D