Page 1 of 1

IPTABLES + Xtables-Addons: Missing file?

Posted: 2017/05/19 08:12:18
by wa7qzr
Hello. I've an issue with iptables and Xtables-addons xtables-addons-1.47.1.
My system is:
CentOS release 6.9 (Final)
iptables v1.4.7

When trying to start iptables with an geoip rule, such as "$IPTABLES -A INPUT -p tcp -m tcp --match geoip ! --src-cc US", this happens:
"Couldn't load match `geoip':/lib/xtables/ cannot open shared object file: No such file or directory"

From what I could find, it looks like is supposed to be part of iptables, (in spite of the fact it's in the xtables directory), but I can't find it anywhere on the system. I don't really want to recompile the kernel, which is the "help" provided elsewhere on the Internet, seemed to suggest I should do.

The funny thing is, it seems to me this worked a couple of kernel releases back, but I don't have access to my other systems which were configured to use the geoip target to confirm it.

Re: IPTABLES + Xtables-Addons: Missing file?

Posted: 2017/05/19 08:22:40
by TrevorH
We don't ship that portion of iptables on CentOS 6 or 7 and never have.

Re: IPTABLES + Xtables-Addons: Missing file?

Posted: 2017/05/19 18:18:30
by wa7qzr
Yeah. I knew that. I was just hoping someone, who uses Xtables-addons with iptables, would have encountered this problem and discovered a fix for it.

If you don't mind, I'll leave the question up for a few days. If I don't get any helpful responses in the next few days, I'll delete it and toss it into the bit-bucket along with my Google-earth and Firefox issues.

As a note: The only way to make this work, and I'm not sure it's really working working until something violates the rules, is to completely disable selinux.

Abandonment is a terrible thing.