I had a similar problem with the 2.6.20 kernel, I don't run shorewall but use the -m state --state
etc line. I found that there were some "new" items in the config that were necessary for
the use of state, in particular related to 'conntrack'. Conntack needs to be enabled, I'm not sure
how much and can't remember exactly what all was "new", but below are some of the entries
I use. I believe the first two are essential.
CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_SUPPORT=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CT_ACCT=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
I believe conntrack and state related item need to be enabled, Y or M, for the
-m state --state use. When I tried to state my FW script it failed with :
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Hope this helps, or maybe you have it fixed already
oscara
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
