Red Hat Bugzilla – Bug 80073
ip6tables missing REJECT module
Last modified: 2007-04-18 12:49:10 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021202
Description of problem:
When using ip6tables to add rules in the FORWARD chain with a target of REJECT,
it complains about the REJECT module not existing. The man page describes a
REJECT target, so I was expecting it to be there.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.ip6tables -A FORWARD -j reject
Actual Results: ip6tables v1.2.6a: Couldn't load target
`REJECT':/lib/iptables/libip6t_REJECT.so: cannot open shared object file: No
such file or directory
Try `ip6tables -h' or 'ip6tables --help' for more information.
Expected Results: I expected a rule with a target of REJECT to appear in the
FORWARD chain of the IPv6 filter table.
The IPv6 REJECT target userspace extension module is built conditionally. That
means, it is built only if the corresponding optional (and pending) Netfilter
kernel patch has been applied to the kernel source. This doesn't seem to be the
case with Red Hat's kernel (and FWIW, neither the kernel of other distributors,
e.g. MandrakeSoft or Connectiva).
Apart from that, the iptables package spec file does not set KERNEL_DIR.
Therefore, all kernel feature tests would fail, because iptables' Makefile falls
back to KERNEL_DIR=/usr/src/linux which doesn't work with Red Hat Linux.
Since we don't add that patch, we probably won't build that feature.