Bug 233475 - The iptables time module is not enabled in the kernel
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: kernel
Version: 6
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Kernel Maintainer List
QA Contact: Brian Brock
Depends On: 195918
Reported: 2007-03-22 17:58 UTC by Fred Trotter
Modified: 2007-11-30 22:11 UTC
Doc Type: Bug Fix
Last Closed: 2007-03-26 05:18:38 UTC

Description Fred Trotter 2007-03-22 17:58:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070313 Fedora/1.5.0.10-5.fc6 Firefox/1.5.0.10

Description of problem:
This was originally a bug against iptables, but the fix is in the kernel.
The problem is that iptables will not accept time-related rules out-of-the-box even though that is pretty basic firewall functionality. From Thomas Woerner's last comment:

>The time module is not enabled in the kernel and the header file is therefore
>not part of kernel-headers.
>
>Please assign to kernel for inclusion there and then to kernel-headers.
>
>A simple rebuild of iptables will then enable it there, too.



Version-Release number of selected component (if applicable):
kernel-2.6.20-1.2925.fc6

How reproducible:
Always


Steps to Reproduce:
1. Create a time based rule in iptables like this one.
$IPTABLESCOMMAND -A OUTPUT -m time  --timestart 09:00  --timestop 17:00  --days Mon,Tue,Wed,Thu,Fri 
2. Get error like this one...
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory


Actual Results:
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory


Expected Results:
rule should have become part of current firewall 

Additional info:

Comment 1 Chuck Ebbert 2007-03-23 17:26:41 UTC
I don't know what the "time" module is in iptables.

What kernel option needs to be enabled?



Comment 2 Dave Jones 2007-03-26 05:18:38 UTC
iptables userspace moves faster than kernelspace.  There's no way we're going to
start merging iptables modules before they get upstream due to there being so
many of them, and the uncertainty of the length of time we'd have to carry them.

This will get fixed when the module gets into upstream kernel.org kernels, and
the Fedora kernel rebases.

Comment 3 Fred Trotter 2007-03-26 05:47:44 UTC
Ok. This is a big problem. This means that in order to get basic firewall
functionality out of Fedora I have to recompile the kernel. Further it makes me
wonder just which modules that the iptables man page mentions are also missing.
Can I rely on anything working there that I have not tested myself? I am very
willing to be the squeaky wheel on this but I still do not know who to push. What I
need is something like "Talk to (insert name here) over at (insert project
here); once they fix it we will too."

Comment 4 Dave Jones 2007-03-26 06:20:48 UTC
Recompiling the kernel isn't going to help you. The module _is not there_ to be
built.  If it was included, I'd have enabled it.

Talk to the netfilter guys to get their module upstream.
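
Added example (not part of the bug report, and not Fedora or netfilter code): a preflight check for the question raised in Comment 3, listing every match a rules file requests with -m/--match that has no libipt_<name>.so in the extension directory, which is the lookup that fails in the error above. It covers only the userspace library, not the kernel module; the function name missing_matches, the sample rules and the -j ACCEPT targets are constructed for illustration.

```shell
#!/bin/sh
# Added example: report iptables match extensions that a rules file uses
# but that have no userspace library in the extension directory.
# Assumption: libraries are named libipt_<match>.so, as in the error above.

# missing_matches RULES_FILE [EXT_DIR]
# Prints one missing match name per line; returns 1 if any are missing.
missing_matches() {
    rules=$1
    ext_dir=${2:-/lib/iptables}
    rc=0
    # Split the rules into one token per line and keep the token that follows
    # each -m / --match option; comment lines are dropped first.
    for name in $(grep -v '^[[:space:]]*#' "$rules" |
        tr -s '[:space:]' '\n' |
        awk 'prev == "-m" || prev == "--match" { print } { prev = $0 }' |
        sort -u)
    do
        if [ ! -e "$ext_dir/libipt_$name.so" ]; then
            echo "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: rules that use "time" and "state", checked against an
# extension directory that only ships the "state" library.
demo=$(mktemp -d)
mkdir "$demo/ext"
: > "$demo/ext/libipt_state.so"
cat > "$demo/rules" <<'EOF'
# office hours only (constructed sample rules)
-A OUTPUT -m time --timestart 09:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
missing_matches "$demo/rules" "$demo/ext" ||
    echo "rules file needs match extensions that are not installed" >&2
rm -rf "$demo"
```

Running the check before loading a ruleset shows every unavailable match at once, instead of iptables stopping at the first rule it cannot load.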


