Bug 233475 - The iptables time module is not enabled in the kernel
Summary: The iptables time module is not enabled in the kernel
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 6
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Brian Brock
Depends On: 195918
TreeView+ depends on / blocked
Reported: 2007-03-22 17:58 UTC by Fred Trotter
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-03-26 05:18:38 UTC
Type: ---

Attachments (Terms of Use)

Description Fred Trotter 2007-03-22 17:58:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070313 Fedora/ Firefox/

Description of problem:
This was originally a bug against iptables, but the fix is in the kernel.>>
The problem is that iptables will not accept time related rules out-of-the-box even though that is pretty basic firewall functionality. From Thomas Woerners last comment>

>The time module is not enabled in the kernel and the header file is therefore
>not part of kernel-headers.
>Please assign to kernel for inclusion there and then to kernel-headers.
>A simple rebuild iptables will then enable it there, too.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a time based rule in iptables like this one.
$IPTABLESCOMMAND -A OUTPUT -m time  --timestart 09:00  --timestop 17:00  --days Mon,Tue,Wed,Thu,Fri 
2. Get error like this one...
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory


Actual Results:
iptables v1.3.5: Couldn't load match `time':/lib/iptables/libipt_time.so: cannot open shared object file: No such file or directory

Expected Results:
rule should have become part of current firewall 

Additional info:

Comment 1 Chuck Ebbert 2007-03-23 17:26:41 UTC
I don't know what the "time" module is in iptables.

What kernel option needs to be enabled?

Comment 2 Dave Jones 2007-03-26 05:18:38 UTC
iptables userspace moves faster than kernelspace.  There's no way we're going to
start merging iptables modules before they get upstream due to there being so
many of them, and the uncertainty of the length of time we'd have to carry them.

This will get fixed when the module gets into upstream kernel.org kernels, and
the Fedora kernel rebases.

Comment 3 Fred Trotter 2007-03-26 05:47:44 UTC
Ok. This is a big problem. This means that in order to get basic firewall
functionality out of Fedora I have to recompile the kernel. Further it makes me
wonder just which modules that the iptables man page mentions are also missing.
Can I rely on anything working there that I have not tested myself? I am very
willing to be the squeeky wheel on this but I still do not who to push. What I
need is something like. "Talk to (Insert Name here) over at (insert project
here) once they fix it we will too. 

Comment 4 Dave Jones 2007-03-26 06:20:48 UTC
Recompiling the kernel isn't going to help you. The module _is not there_ to be
built.  If it was included, I'd have enabled it.

talk to the netfilter guys to get their module upstream.

Note You need to log in before you can comment on or make changes to this bug.