Bug 233475 - The iptables time module is not enabled in the kernel
Product: Fedora
Classification: Fedora
Component: kernel
All Linux
medium Severity medium
Assigned To: Kernel Maintainer List
Brian Brock
Depends On: 195918
Reported: 2007-03-22 13:58 EDT by Fred Trotter
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2007-03-26 01:18:38 EDT

Description Fred Trotter 2007-03-22 13:58:06 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070313 Fedora/ Firefox/

Description of problem:
This was originally a bug against iptables, but the fix is in the kernel.
The problem is that iptables will not accept time-related rules out of the box, even though that is pretty basic firewall functionality. From Thomas Woerner's last comment:

>The time module is not enabled in the kernel and the header file is therefore
>not part of kernel-headers.
>Please assign to kernel for inclusion there and then to kernel-headers.
>A simple rebuild iptables will then enable it there, too.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a time based rule in iptables like this one.
$IPTABLESCOMMAND -A OUTPUT -m time  --timestart 09:00  --timestop 17:00  --days Mon,Tue,Wed,Thu,Fri 
2. Get error like this one...
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory


Actual Results:
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory

Expected Results:
rule should have become part of current firewall 

Additional info:

Comment 1 Chuck Ebbert 2007-03-23 13:26:41 EDT
I don't know what the "time" module is in iptables.

What kernel option needs to be enabled?

Comment 2 Dave Jones 2007-03-26 01:18:38 EDT
iptables userspace moves faster than kernelspace.  There's no way we're going to
start merging iptables modules before they get upstream due to there being so
many of them, and the uncertainty of the length of time we'd have to carry them.

This will get fixed when the module gets into upstream kernel.org kernels, and
the Fedora kernel rebases.

Comment 3 Fred Trotter 2007-03-26 01:47:44 EDT
Ok. This is a big problem. This means that in order to get basic firewall
functionality out of Fedora I have to recompile the kernel. Further it makes me
wonder just which modules that the iptables man page mentions are also missing.
Can I rely on anything working there that I have not tested myself? I am very
willing to be the squeaky wheel on this, but I still do not know who to push. What I
need is something like: "Talk to (insert name here) over at (insert project
here); once they fix it we will too."

Comment 4 Dave Jones 2007-03-26 02:20:48 EDT
Recompiling the kernel isn't going to help you. The module _is not there_ to be
built.  If it was included, I'd have enabled it.

Talk to the netfilter guys to get their module upstream.
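
Comment 3 asks which other match modules might also be missing. As an added example (not part of this bug report or of iptables itself), the shell function below lists the match extensions a rules file references that have no userspace library in a given extension directory, so a ruleset can be checked before it is loaded. The one-rule-per-line file format, the `libxt_` library prefix, and the function names are assumptions; the check covers only the userspace library, not whether the kernel provides the match.

```shell
#!/bin/sh
# Added example: report iptables match extensions that a rules file uses but
# that have no userspace library in the extension directory.
# Assumptions: one rule per line using "-m NAME" or "--match NAME"; libraries
# are named libipt_NAME.so (as in the error in this report) or libxt_NAME.so.
# A library being present does not prove the kernel side of the match exists.

# missing_matches RULES_FILE EXT_DIR -> prints one missing match name per line
missing_matches() {
    rules_file=$1
    ext_dir=$2
    # Collect the word after every -m / --match, skipping comment lines.
    awk '$1 !~ /^#/ {
             for (i = 1; i < NF; i++)
                 if ($i == "-m" || $i == "--match") print $(i + 1)
         }' "$rules_file" | sort -u |
    while read -r name; do
        if [ ! -e "$ext_dir/libipt_$name.so" ] && [ ! -e "$ext_dir/libxt_$name.so" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed demo: a temporary extension directory that has "state" but not "time".
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/ext"
    : > "$tmp/ext/libipt_state.so"
    cat > "$tmp/rules" <<'EOF'
# constructed sample rules
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m time --timestart 09:00 --timestop 17:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
EOF
    missing_matches "$tmp/rules" "$tmp/ext"
    rm -rf "$tmp"
}

# Usage: script RULES_FILE EXT_DIR   (with no arguments, runs the constructed demo)
if [ "$#" -eq 2 ]; then
    missing_matches "$1" "$2"
else
    demo
fi
```

On the system in this report the extension directory would be `/lib/iptables`, the path shown in the error message.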
