>>>>> "chuck" == Chuck Shirley <[EMAIL PROTECTED]> writes:
chuck> On Thursday 07 February 2002 13:57, Juan Quintela wrote:
>>>>>>> "richard" == richard <[EMAIL PROTECTED]> writes:
>>
richard> Hi Chuck, if it's any help, the last kernel that did not cause this problem
richard> was 2.4.17-2. So maybe rooting through the change notes might reveal
richard> something. 2.4.17-2 works ok with iptables..
richard> might give a kernel guru a clue ???
>>
>> The only change there was the quota support, humm, that also changed
>> inodes, but netfilter doesn't use inodes at all :(
>>
>> /me thinking about that.
>>
>> Later, Juan.
>>
chuck> The strange thing is, the filters still come up and function.
chuck> Even the binary rpm works just fine, except for the core that it
chuck> leaves in the root directory on boot, or in whatever directory I'm
chuck> in at the time I manually start the bastille-firewall service.
chuck> Curiously, if the bastille-firewall service is started, and I start
chuck> it again, iptables complains about the script, but does not dump
chuck> core:
chuck> [root@localhost chas]# service bastille-firewall start
chuck> iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
chuck> /sbin/bastille-netfilter: line 578: 513 Aborted ${IPTABLES} -t mangle -F PREROUTING
chuck> Setting up IP spoofing protection... done.
chuck> Allowing traffic from trusted interfaces... done.
chuck> Setting up chains for public/internal interface traffic... done.
chuck> Setting up general rules... done.
chuck> Setting up outbound rules... done.
chuck> [root@localhost chas]# ls | grep core
chuck> [root@localhost chas]#
Today there will be a new kernel that fixes that, I hope. It is taking
longer than expected because I want to maintain compatibility with
the normal kernel.
Later, Juan.
--
In theory, practice and theory are the same, but in practice they
are different -- Larry McVoy