Thanks Matt. I had looked at both articles; the netfilter.org one would
seem to require me to build a kernel - and doesn't give a lot of detail.
The shorewall one doesn't say "how" to set up xtables-addons.
There is no package xtables-addons in Ubuntu Xenial; however, I did install
the packages:
xtables-addons-common xtables-addons-dkms xtables-addons-source
Then I found another site suggesting I needed to run:
module-assistant auto-install xtables-addons-source
But when I did that, I got "Build of the package xtables-addon-source
failed" and on viewing the log file, it ends with information that is way
outside my knowledge area to resolve:
│ make[3]: Leaving directory '/usr/src/linux-headers-4.4.0-66-generic'
│ make[2]: Leaving directory '/usr/src/modules/xtables-addons'
│ dh_auto_test -a
│ make -j1 test
│ make[2]: Entering directory '/usr/src/modules/xtables-addons'
│ CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/bash /build/xtables-addons-ccJEnl/xtables-addons-2.10/build-aux/missing autoconf
│ /bin/bash: /build/xtables-addons-ccJEnl/xtables-addons-2.10/build-aux/missing: No such file or directory
│ Makefile:413: recipe for target 'configure' failed
│ make[2]: *** [configure] Error 127
│ make[2]: Leaving directory '/usr/src/modules/xtables-addons'
│ dh_auto_test: make -j1 test returned exit code 2
│ debian/rules:48: recipe for target 'binary-modules' failed
│ make[1]: *** [binary-modules] Error 2
│ make[1]: Leaving directory '/usr/src/modules/xtables-addons'
│ /usr/share/modass/include/common-rules.make:56: recipe for target 'kdist_build' failed
│ make: *** [kdist_build] Error 2
I have a feeling I am totally barking up the wrong tree, suggestions?
On Wed, Mar 29, 2017 at 10:41 AM, Matt Darfeuille <matd...@gmail.com> wrote:
> On 3/29/2017 8:30 AM, Norman Henderson wrote:
> > Hi, I am running 5.0.12 on Ubuntu 16.04.2 LTS with kernel 4.4.0-66 and
> > would like to use an ipset to control routing to a list of netblocks
> > (actually an entire country). I came up with the idea to set a Mark (based
> > on the ipset) in shorewall/mangle, and then route based on the Mark in
> > route_rules. What I get is:
> > ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and iptables.
> >
> > What isn't obvious after some searching, is how to enable IPset Match
> > support. In the kernel config file, there is a line:
> > CONFIG_NET_EMATCH_IPSET=m
> > So, I should be able to just load that should I not?
> > I attempted: modprobe em_ipset
> > which succeeded, but I still get the shorewall error.
> >
> > Help please and thank you!
> >
>
> Take a look at:
> http://shorewall.org/ipsets.html
>
> http://ipset.netfilter.org/
>
> -Matt
> --
> Matt Darfeuille
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
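
Added example, not part of the original thread and not Shorewall's own capability check: a shell sketch that reads a kernel config file and tells apart the tc ematch option quoted in the thread (CONFIG_NET_EMATCH_IPSET, module em_ipset) from the options behind the iptables "-m set" match (CONFIG_IP_SET and CONFIG_NETFILTER_XT_SET, modules ip_set and xt_set). The option-to-module mapping comes from the upstream Linux Kconfig; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify ipset-related options in a kernel config file.
# Mapping assumed from upstream Linux Kconfig (not stated in the thread):
#   CONFIG_IP_SET            -> ip_set    (ipset core)
#   CONFIG_NETFILTER_XT_SET  -> xt_set    (iptables "-m set" match)
#   CONFIG_NET_EMATCH_IPSET  -> em_ipset  (tc ematch, separate from iptables)

# Print y, m or n for option $2 in config file $1 (hypothetical helper).
# The anchored pattern keeps CONFIG_IP_SET from matching CONFIG_IP_SET_MAX.
kopt() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Print a one-word verdict for config file $1 (hypothetical helper).
ipset_match_verdict() {
    core=$(kopt "$1" CONFIG_IP_SET)
    xt=$(kopt "$1" CONFIG_NETFILTER_XT_SET)
    em=$(kopt "$1" CONFIG_NET_EMATCH_IPSET)
    if [ "$core" != n ] && [ "$xt" != n ]; then
        echo iptables-set-match-available
    elif [ "$em" != n ]; then
        echo tc-ematch-only
    else
        echo no-ipset-support
    fi
}

# Constructed sample configs (not taken from the poster's machine).
sample_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_IP_SET=m' 'CONFIG_IP_SET_MAX=256' \
    'CONFIG_NETFILTER_XT_SET=m' 'CONFIG_NET_EMATCH_IPSET=m' > "$sample_dir/full"
printf '%s\n' 'CONFIG_IP_SET=m' '# CONFIG_NETFILTER_XT_SET is not set' \
    'CONFIG_NET_EMATCH_IPSET=m' > "$sample_dir/ematch"

for f in full ematch; do
    echo "$f: $(ipset_match_verdict "$sample_dir/$f")"
done
# On a live Ubuntu system: ipset_match_verdict "/boot/config-$(uname -r)"
```

A verdict of iptables-set-match-available only covers the kernel side; the iptables and ipset userspace tools still have to be installed for the match to be usable.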