Red Hat Bugzilla – Bug 155608
libipt_recent.so not built due to spec file problem
Last modified: 2007-11-30 17:07:07 EST
Description of problem:
All packages fully updated as of 04-21-05.
Missing /lib/iptables/libipt_recent.so, and so cannot match on recent.
Steps to Reproduce:
1. Try adding the following rule:
iptables -A INPUT -m recent --name badguy --rcheck --seconds 60 -j DROP
Actual Results: The following error is printed:
iptables v1.2.8: Couldn't load match `recent':/lib/iptables/libipt_recent.so: cannot open shared object file: No such file or directory
Expected Results: No error should occur and the recent extension should be available.
This is the exact same bug as found in the closed bug report 106002.
Essentially, the spec file for this version of iptables has an error where KERNEL_DIR is defined as /usr but should be defined as /usr/src/linux-2.4.
2. Fix spec file by changing KERNEL_DIR defs from /usr to /usr/src/linux-2.4 (5 lines).
Okay, now I have another issue. After rebuilding the rpm and installing it, I can add a line to match recent, and this works fine.
iptables -I INPUT -m recent --name badguy --rcheck --seconds 60 -j DROP
Saving the config and restarting iptables fails. During iptables restart, I'm getting the following error:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle nat filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: Bad argument `recent:'
Error occured at line: 25
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
This can be quite damaging as the firewall never gets loaded, and the machine is wide-open for attack.
iptables-save is not saving the config correctly.
RHEL 4 works fine, and here is the saved data:
-A INPUT -m recent --rcheck --seconds 60 --name badguy --rsource -j DROP
And here is what is saved under RHEL 3:
-A INPUT -m recent recent: --seconds 1701970164 --hitcount 1953391971 --name --rsource -j DROP
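An added pre-flight check, not from this bug report or the iptables project: it scans an iptables-save dump for the corrupted `-m recent` form shown in the RHEL 3 output above (a stray `recent:` token, an empty `--name`, or an absurd `--seconds`/`--hitcount`), so a bad dump can be caught before iptables-restore aborts and leaves the chains at the ACCEPT policy. The sample ruleset and the one-year sanity bound on `--seconds` are constructed assumptions.

```shell
#!/bin/sh
# Scan an iptables-save dump for '-m recent' rules in the garbled form that
# made iptables-restore fail on RHEL 3. Exit status = number of suspect rules.

# Constructed sample: the healthy RHEL 4 rule followed by the corrupted RHEL 3 one.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m recent --rcheck --seconds 60 --name badguy --rsource -j DROP
-A INPUT -m recent recent: --seconds 1701970164 --hitcount 1953391971 --name --rsource -j DROP
COMMIT'

# check_recent_rules FILE: print each suspect rule, return the suspect count (0 = clean).
check_recent_rules() {
    awk '
    /-m recent/ {
        bad = 0
        for (i = 1; i <= NF; i++) {
            # a second "recent:" token right after the match name is the garbled save format
            if ($i == "-m" && $(i+1) == "recent" && $(i+2) ~ /^recent:/) bad = 1
            # --name must carry a value, not be followed by the next option
            if ($i == "--name" && (i == NF || $(i+1) ~ /^-/)) bad = 1
            # values beyond one year (assumed bound) are uninitialised memory, not configuration
            if (($i == "--seconds" || $i == "--hitcount") && $(i+1) + 0 > 86400 * 365) bad = 1
        }
        if (bad) { print "SUSPECT: " $0; n++ }
    }
    END { exit n + 0 }
    ' "$1"
}

# Usage: check the constructed sample and report how many rules would break a restore.
status=0
tmp=$(mktemp) && printf '%s\n' "$SAMPLE_RULES" > "$tmp"
check_recent_rules "$tmp" || status=$?
rm -f "$tmp"
echo "suspect recent rules: $status"
```

Run it against /etc/sysconfig/iptables (or the output of iptables-save) before restarting the service; a non-zero exit means the dump should not be trusted to load.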
From RHEL 4, iptables-1.2.11-3.1.RHEL4.src.rpm has the same spec file problem.
Fixing and rebuilding iptables-1.2.11-3.1.RHEL4.src.rpm on RHEL 3 seems to work.
Can now add firewall rule to match on recent, and the rules are saved and
This approach has worked on my RHEL3 system also. Thanks. The 'recent' module is very important in order to throttle ssh brute force attacks:
RHEL3 and RHEL4 really need an iptables update asap.
iptables may not use the kernel headers directly. It has to use the glibc-kernheaders instead. Assigning to glibc-kernheaders.
If it is fixed in the glibc-kernheaders package, please reassign to get the save problem in the iptables recent module fixed.
Adding ipt_recent.h to glibc-kernheaders.
Actually, since iptables is probably the only user of these headers, it should probably carry its own copy instead of putting them in /usr/include/linux.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.