Bug 89565
Summary: | iptables TTL target does not work | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Derkjan de Haan <haanjdj> |
Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | bugs.michael |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
URL: | http://www.netfilter.org | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-04-22 12:27:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Derkjan de Haan
2003-04-24 13:15:23 UTC
Looks like an upstream bug. The netfilter TTL target requires the TTL.patch from netfilter patch-o-matic, which has not been integrated within the 2.4 Linux kernel yet. Upon building the netfilter userspace tools, it is not checked whether the TTL target is supported at kernel level. The TTL target is not in the manual page either. The fix for Red Hat's iptables package would be to remove the TTL userspace extension modules in the spec file: rm -f %{buildroot}/%{_lib}/iptables/libipt_TTL.so Well, I'd rather see this option implemented properly than being removed altogether. But if it's removed, then deleting libipt_TTL.so wouldn't suffice, because it's mentioned in other places as well, for example in the command- line help of iptables: #iptables -j TTL --help <generic output removed> TTL target v1.2.7a options --ttl-set value Set TTL to <value> --ttl-dec value Decrement TTL by <value> --ttl-inc value Increment TTL by <value> Remove /lib/iptables/libipt_TTL.so and try again. You won't see that help text again. Fixed in rawhide: kernel 2.6 is supporting ipt_ttl. |