[Firehol-support] 3.0 RC iptables-restore v1.4.14: unknown option "--update-counters"

Tsaousis, Costa costa at tsaousis.gr
Fri Apr 10 02:18:00 CEST 2015


David,

I just recalled we also have support for the old ipset version.

Edit /etc/firehol/firehol-defaults.conf and set this:

IPSET_SRC_DST_OPTIONS=

(just empty - nothing after the equal sign)

You can also put this at the top of your firehol.conf.

Of course the best way is to update ipset and iptables (I think you
will also need to update your kernel).

Costa



On Thu, Apr 9, 2015 at 4:40 PM, Tsaousis, Costa <costa at tsaousis.gr> wrote:
> Hi David,
>
> you have an old version of iptables (and probably old ipset too).
>
> You should update your system to use these features (you will need
> ipset above v6.19 and the matching iptables version).
>
> Costa
>
>
> On Thu, Apr 9, 2015 at 3:13 PM, David Touzeau <david at articatech.com> wrote:
>>
>> Dear
>>
>> Using this configuration:
>>
>> ipv4 ipset create proxy_white_ssl hash:ip
>> ipv4 ipset addfile proxy_white_ssl ips proxy_ssl_whitelist
>> ipv4 ipset create MyIPs hash:ip
>> ipv4 ipset addfile MyIPs ips MyIPs
>>
>> # * * * * Transparent Proxy * * * *
>> transparent_squid 16639 squid dst not ipset:proxy_white_ssl
>> transparent_proxy 443 24472 squid dst not ipset:proxy_white_ssl
>>
>>
>> I receive this error
>>
>>
>> iptables-restore v1.4.14: unknown option "--update-counters"
>> Error occurred at line: 147
>> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>>
>> Offending line:
>> -A PREROUTING -p tcp --sport 1024:65535 -m set ! --match-set proxy_white_ssl
>> dst ! --update-counters ! --update-subcounters --dport 80 -j REDIRECT
>> --to-ports 16639
>>
>>  FAILED
>>
>>
>> How can I fix it?
>> _______________________________________________
>> Firehol-support mailing list
>> Firehol-support at lists.firehol.org
>> http://lists.firehol.org/mailman/listinfo/firehol-support
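
A preflight check for the situation discussed in this thread, as an added example that is not part of the original messages or of FireHOL itself: it decides from the `ipset` version and the help text of the iptables `set` match whether the empty `IPSET_SRC_DST_OPTIONS=` workaround is needed. The function names, the `keep-default` result string and the sample outputs are assumptions made for illustration; "above v6.19" is read as strictly greater.

```shell
#!/bin/sh
# Added example, not FireHOL code: is the IPSET_SRC_DST_OPTIONS= workaround needed?
# Succeeds if the "set" match help text on stdin lists both counter options.
set_match_supports_counters() {
    help_text=$(cat)
    case $help_text in *--update-counters*) ;; *) return 1 ;; esac
    case $help_text in *--update-subcounters*) ;; *) return 1 ;; esac
}

# Extracts "6.12.1" from text such as "ipset v6.12.1, protocol version: 6".
ipset_version() {
    sed -n 's/^ipset v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeeds if version $1 is strictly above $2, comparing major.minor only.
version_gt() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -gt "$b_minor" ]
}

# $1 = output of `ipset --version`, $2 = help text of the iptables "set" match.
recommend() {
    ver=$(printf '%s\n' "$1" | ipset_version)
    if [ -n "$ver" ] && version_gt "$ver" 6.19 &&
       printf '%s\n' "$2" | set_match_supports_counters; then
        echo "keep-default"            # leave FireHOL's default options alone
    else
        echo "IPSET_SRC_DST_OPTIONS="  # line for firehol-defaults.conf
    fi
}

# Constructed sample outputs (abbreviated), standing in for an old and a newer host.
OLD_IPSET='ipset v6.12.1, protocol version: 6'
OLD_HELP='set match options:
 [!] --match-set name flags'
NEW_IPSET='ipset v6.20.1, protocol version: 6'
NEW_HELP='set match options:
 [!] --match-set name flags [--return-nomatch]
   [! --update-counters] [! --update-subcounters]'

recommend "$OLD_IPSET" "$OLD_HELP"
recommend "$NEW_IPSET" "$NEW_HELP"
# Live use (assumes both tools are installed and on PATH):
# recommend "$(ipset --version)" "$(iptables -m set -h 2>&1)"
```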

