Bug 208014 - libipt_dstlimit missing from iptables package
Summary: libipt_dstlimit missing from iptables package
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: glibc-kernheaders
Version: 4.4
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: David Woodhouse
QA Contact: Brian Brock
Depends On:
Blocks: 218848
TreeView+ depends on / blocked
Reported: 2006-09-25 20:41 UTC by Terry Jones
Modified: 2007-11-17 01:14 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2006-12-08 14:30:54 UTC

Attachments (Terms of Use)

Description Terry Jones 2006-09-25 20:41:36 UTC
Description of problem:
Error when trying to insert iptables rule with -m dstlimit flag. Reports
libipt_dstlimit.so missing

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. load iptables
2. try to add rule with -m dstlimit 
Actual results:
Error message:
iptables v1.2.11: Couldn't load match
`dstlimit':/lib/iptables/libipt_dstlimit.so: cannot open shared object file: No
such file or directory

Expected results:
Rule to load - no error

Additional info:

Comment 1 Thomas Woerner 2006-09-26 10:05:17 UTC
There is no dstlimit netfilter kernel module in the current RHEL-4 kernel and
ipt_dstlimit.h in not part of glibc-kernheaders.

Please apply to kernel and glibc-kernheaders for inclusion of dstlimit, then
reapply to iptables. 
BTW: dstlimit is not part of the standard iptables build.

Comment 2 Terry Jones 2006-09-26 16:08:05 UTC
Request moved to glibc-kernheaders.

Can we get the dstlimit included in iptables? 

Comment 3 David Woodhouse 2006-12-07 19:18:18 UTC
Not a lot of point in that unless we add the feature to our kernel.

Comment 4 Linda Wang 2006-12-07 20:42:03 UTC
There are actually two requests here:
dstlimit support in kernel, and to have glibc-kernheader headerfile for
inclusion in U6.  This bug is to track the kernel header file inclusion.
So clone this RFE for dstlimit support in the kernel, and
clone this REF to include libipt_dstlimit into iptables package.

Comment 5 Daniel Riek 2006-12-08 14:16:45 UTC
Adding the FutureFeature Keyword.

As this is a feature request we will need a proper business justification to add
it to RHEL4.

At this point the threshhold will be very high, so PM NAKing for now. Will need
to be re-requested.


Comment 6 Daniel Riek 2006-12-08 14:21:58 UTC
Additional information:
Upstream the module has been deprecated and replaced by hashlimit. That is in RHEL5

Comment 7 RHEL Product and Program Management 2006-12-08 14:30:54 UTC
Product Management has reviewed and declined this request.  You may appeal this
decision by reopening this request. 

Note You need to log in before you can comment on or make changes to this bug.