From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0) Description of problem: The portsentry.conf file has no entry for iptables in the "KILL_ROUTE" section. How reproducible: Always Steps to Reproduce: 1.install portsentry 2.edit portsentry.conf 3.Look in Dropping Routes section Actual Results: # New ipchain support for Linux kernel version 2.102+ KILL_ROUTE="/sbin/ipchains -I input -s $TARGET$ -j DENY -l" Expected Results: # New iptables support for Linux kernel version 2.4+ KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j DROP -l" Additional info: The expected results may be wrong but that is what I manually change it to and it seems to work. Maybe just needs tweaking or something to work more correctly.
How is it not working? I do notice that you have the "-l" still in there from ipchains, perhaps you shouldn't do that with iptables and use the "--log-level" flag instead? (I don't have much experience with iptables yet) Tim
What I meant is that only "ipchains" is in the config file, nothing for iptables. I changed the ipchains myself manually to iptables so it would work.
Do this was more of an enhancement request than a bug. Sorry for misunderstanding you. I updated the config file patch to include an iptables entry (the same as you have in the report). Thanks for the report. Look for portsentry-1.0-13 in rawhide when rawhide is updated again. It is moving to the distro from Powertools, so look there instead. Tim