Description of problem:
The connbytes match module is described in the documentation (man iptables - under EXTENSIONS) but is not built or included in the package. The kernel level modules are present in the kernel package and the kernel headers are present in the kernel-devel package (but not in the glibc-kernheaders package, unfortunately).

Version-Release number of selected component (if applicable):
1.3.5-1.2

How reproducible:
Very...

Steps to Reproduce:
Run iptables ... -m connbytes ...

Actual results:
Failure to load libipt_connbytes

iptables v1.3.5: Couldn't load match `connbytes':/lib/iptables/libipt_connbytes.so: cannot open shared object file: No such file or directory

Expected results:
Rule gets loaded with no error.

Additional info:
To fix this, I had to copy linux/netfilter_ipv4/ipt_connbytes.h and linux/netfilter/xt_connbytes.h into appropriate /usr/include/linux directories (netfilter had to be created). Then create a patch file for the extensions Makefile and include that in the spec and rebuild.

If the module is in the kernel binaries package, it's kinda useless without support in iptables. Unfortunate that it also required copying some kernel headers over to /usr/include. Means that glibc-kernheaders has to be modified as well.
This has been fixed in iptables-1.3.8-2 in rawhide and for testing packages in FC-6 and F-7. I am sorry, but FC-5 is EOL. Closing as "WONTFIX"
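
The failure reported above only shows up when a rule is loaded, so a firewall ruleset can be checked beforehand for matches that have no userspace extension. The following is an added example, not part of the original report or of the iptables package: the function names, the sample ruleset and the temporary directory layout are constructed, and only the `libipt_NAME.so` naming and the `/lib/iptables` default come from the error message in the report.

```shell
#!/bin/sh
# Added example: list the matches a ruleset uses that have no userspace
# extension library, i.e. the condition behind "Couldn't load match".

# missing_matches RULES_FILE [EXT_DIR]
# Prints, one per line, every NAME used as "-m NAME" or "--match NAME" in
# RULES_FILE for which EXT_DIR/libipt_NAME.so does not exist.
# Implicit matches pulled in by "-p PROTO" alone are not checked.
missing_matches() {
    rules=$1
    extdir=${2:-/lib/iptables}
    awk '/^#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i == "-m" || $i == "--match") print $(i + 1) }' "$rules" |
    sort -u |
    while read -r name; do
        [ -e "$extdir/libipt_$name.so" ] || printf '%s\n' "$name"
    done
}

# demo: builds a constructed extension directory that lacks connbytes and a
# constructed ruleset in iptables-save format, then runs the check on them.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/ext"
    touch "$tmp/ext/libipt_state.so" "$tmp/ext/libipt_limit.so"
    cat > "$tmp/rules" <<'EOF'
# constructed sample ruleset
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m connbytes --connbytes 1000000: --connbytes-dir both --connbytes-mode bytes -j DROP
-A INPUT -m limit --limit 5/min -j LOG
COMMIT
EOF
    missing_matches "$tmp/rules" "$tmp/ext"
    rm -rf "$tmp"
}

demo
```

On a real host, `missing_matches /path/to/saved-rules` checks against `/lib/iptables`; any name it prints will make the corresponding rule fail to load, so the firewall would come up without it.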