apache and nimda (now iptables)

From: J. Rowan (security@jretrading.com)
Date: 02/01/02


Date: Fri, 1 Feb 2002 21:33:26 +0000
To: focus-linux@securityfocus.com
From: "J. Rowan" <security@jretrading.com>


>How did you do that? I have iptables v1.2.5 on a 2.4.17
>and is not working for me. I did not see the "--string"
>option on iptables man page.

>This is the error I get:
>Try `iptables -h' or 'iptables --help' for more information.
>iptables v1.2.5: Couldn't load match
>`string':/usr/local/lib/iptables/libipt_string.so: cannot open
>shared object file: No such file or directory

>My compile did not generate a "libipt_string.so". I must have
>missed something somewhere.

Iptables has an odd compile method: almost all of it consists of kernel
patches, which are applied on a "do you want this?" basis by the
Patch-O-Matic system. Various make options (e.g. make pending, make
most-of-pom) select sets of patches to apply, and the strings target is
in one of them.

Something strange is currently going on. Some patches are not being
offered (the new NAT suite), which contains, among other things, H323
connection tracking. I manually loaded this set but couldn't get it to
patch (1.2.5 on 2.4.16), and a web search suggests there's something
wrong with these patches and recent kernels. I'm not sure if the strings
target patch is in this group. If it isn't, then you should find it
among the full set of patches.

-- 
security@jretrading.com
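
Added example, not part of the original message or of the iptables project: a shell check for the two halves of the `string` match, the userspace library named in the quoted error and the kernel option the Patch-O-Matic patch adds. The function name `check_string_match`, the kernel config path and the symbol `CONFIG_IP_NF_MATCH_STRING` are assumptions; confirm the symbol against the patch you applied.

```shell
#!/bin/sh
# Diagnose "Couldn't load match `string'" by checking both halves of the match.
#
# check_string_match LIBDIR KCONFIG   (hypothetical helper, not an iptables tool)
#   LIBDIR  - directory iptables loads extensions from
#             (the quoted error shows /usr/local/lib/iptables)
#   KCONFIG - kernel .config used for the running kernel (path is an assumption)
# Prints one of: ok | no-userspace | no-kernel | neither
check_string_match() {
    libdir=$1
    kconfig=$2
    have_lib=no
    have_kern=no

    # Userspace half: iptables opens libipt_<name>.so from LIBDIR. If this
    # file is absent, the iptables build did not include the extension.
    if [ -f "$libdir/libipt_string.so" ]; then
        have_lib=yes
    fi

    # Kernel half: the option must be built in (=y) or modular (=m).
    # "# CONFIG_... is not set" means the patch is applied but disabled;
    # no line at all means the patch was never applied to this tree.
    # Symbol name is an assumption, see the lead-in.
    if [ -r "$kconfig" ] &&
       grep -Eq '^CONFIG_IP_NF_MATCH_STRING=[ym]$' "$kconfig"; then
        have_kern=yes
    fi

    case "$have_lib/$have_kern" in
        yes/yes) echo ok ;;
        no/yes)  echo no-userspace ;;  # rebuild iptables against the patched tree
        yes/no)  echo no-kernel ;;     # apply/enable the patch, rebuild the kernel
        *)       echo neither ;;
    esac
}

# Stand-alone use: sh check.sh /usr/local/lib/iptables /usr/src/linux/.config
if [ "$#" -eq 2 ]; then
    check_string_match "$1" "$2"
fi
```

A result of `no-userspace` matches the situation in the quoted error: rules using `--string` fail at load time, before the kernel is ever consulted.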


