Description of problem: ip6tables -j REJECT support is not compiled due to incorrect glibc-kernheaders. Version-Release number of selected component (if applicable): 1.3.4-2 How reproducible: always Steps to Reproduce: 1. ip6tables -A INPUT -j REJECT --reject-with adm-prohibited Actual results: ip6tables v1.3.4: Unknown arg `--reject-with' Try `ip6tables -h' or 'ip6tables --help' for more information. Expected results: ip6tables rule should be added to INPUT chain with REJECT target, causing ICMP message type adm-prohibited to be sent back. Additional info: /lib/iptables/libip6t_REJECT.so is missing from the package. This is caused by a test in iptables-1.3.4/extensions/.REJECT-test6: #!/bin/sh FILE=$KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_REJECT.h # True if REJECT is applied. [ -f $FILE ] && grep IP6T_ICMP6_NO_ROUTE 2>&1 >/dev/null $FILE && echo REJECT $KERNEL_DIR is defined as /usr. /usr/include/linux/netfilter_ipv6/ip6t_REJECT.h comes from glibc-kernheaders with incorrect enum definitions. The kernel-devel include files have the correct enum definitions. See bug #173699 against glibc-kernheaders. Fixing that bug and then rebuilding iptables fixes this bug.
Reposting last comment from Charles as it got lost due hardware failure: glibc-kernheaders-3.0-41 is now fixed. Can you please rebuild iptables? Thanks.
Rawhide iptables-ipv6-1.3.5-1.2.1 has this fixed. Thanks.