[Firehol-support] 3.0 RC iptables-restore v1.4.14: unknown option "--update-counters"

Tsaousis, Costa costa at tsaousis.gr
Sat Apr 11 06:44:17 CEST 2015


I see.

I cannot do much though. ipset 6.12 was released 10 May 2012, 3 years ago...
If you do empty the variable IPSET_SRC_DST_OPTIONS, firehol will accept
ipsets in src/dst even on this old version.

Costa

On Fri, Apr 10, 2015 at 2:10 PM, David Touzeau <david at articatech.com> wrote:
> Thanks
>
> But the main issue is that we are using the latest Debian version, 7.8; the latest version
> is 6.12.1-1
> This new version is on the "testing" repository.
>
>
>
> On 10/04/2015 02:18, Tsaousis, Costa wrote:
>>
>> David,
>>
>> I just recalled we also have support for the old ipset version.
>>
>> Edit /etc/firehol/firehol-defaults.conf and set this:
>>
>> IPSET_SRC_DST_OPTIONS=
>>
>> (just empty - nothing after the equal sign)
>>
>> You can also put this at the top of your firehol.conf.
>>
>> Of course the best way is to update ipset and iptables (I think you
>> will also need to update your kernel).
>>
>> Costa
>>
>>
>>
>> On Thu, Apr 9, 2015 at 4:40 PM, Tsaousis, Costa <costa at tsaousis.gr> wrote:
>>>
>>> Hi David,
>>>
>>> you have an old version of iptables (and probably old ipset too).
>>>
>>> You should update your system to use these features (you will need
>>> ipset above v6.19 and the matching iptables version).
>>>
>>> Costa
>>>
>>>
>>> On Thu, Apr 9, 2015 at 3:13 PM, David Touzeau <david at articatech.com>
>>> wrote:
>>>>
>>>> Dear
>>>>
>>>> Using this configuration:
>>>>
>>>> ipv4 ipset create proxy_white_ssl hash:ip
>>>> ipv4 ipset addfile proxy_white_ssl ips proxy_ssl_whitelist
>>>> ipv4 ipset create MyIPs hash:ip
>>>> ipv4 ipset addfile MyIPs ips MyIPs
>>>>
>>>> # * * * * Transparent Proxy * * * *
>>>> transparent_squid 16639 squid dst not ipset:proxy_white_ssl
>>>> transparent_proxy 443 24472 squid dst not ipset:proxy_white_ssl
>>>>
>>>>
>>>> I receive this error
>>>>
>>>>
>>>> iptables-restore v1.4.14: unknown option "--update-counters"
>>>> Error occurred at line: 147
>>>> Try `iptables-restore -h' or 'iptables-restore --help' for more
>>>> information.
>>>>
>>>> Offending line:
>>>> -A PREROUTING -p tcp --sport 1024:65535 -m set ! --match-set
>>>> proxy_white_ssl
>>>> dst ! --update-counters ! --update-subcounters --dport 80 -j REDIRECT
>>>> --to-ports 16639
>>>>
>>>>   FAILED
>>>>
>>>>
>>>> How can I fix it?
>>>> _______________________________________________
>>>> Firehol-support mailing list
>>>> Firehol-support at lists.firehol.org
>>>> http://lists.firehol.org/mailman/listinfo/firehol-support
>
>
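A pre-flight check for the situation in this thread, as an added example that is not part of the original messages or FireHOL's own code: it decides whether `IPSET_SRC_DST_OPTIONS` should be emptied before FireHOL generates rules that `iptables-restore` would reject. The function names and sample strings are constructed for illustration; the 6.19 threshold comes from the thread, and treating 6.19 itself as new enough is an assumption.

```shell
#!/bin/sh
# Added example (not FireHOL code). All function names are hypothetical.

# Succeeds if the help text on stdin mentions --update-counters.
# Live use: iptables -m set --help 2>&1 | set_match_has_counters
set_match_has_counters() {
    grep -qF -- '--update-counters'
}

# Succeeds if a line such as "ipset v6.12.1, protocol version: 6" reports
# at least version 6.19. Returns 2 when the line cannot be parsed.
ipset_new_enough() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^ipset v\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    minor=${ver#*.}
    [ "$major" -gt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -ge 19 ]
}

# Prints "default" when both tools handle the counter options, otherwise
# "empty" (meaning: set IPSET_SRC_DST_OPTIONS= as described in the thread).
# $1 = set-match help text, $2 = ipset version line.
firehol_ipset_advice() {
    if printf '%s\n' "$1" | set_match_has_counters && ipset_new_enough "$2"
    then
        echo default
    else
        echo empty
    fi
}

# Constructed, abridged help text for an old and a newer set match.
OLD_HELP='set match options:
 [!] --match-set name flags'
NEW_HELP='set match options:
 [!] --match-set name flags [--return-nomatch]
   [! --update-counters] [! --update-subcounters]'

# Demo on constructed input resembling the system in the thread.
echo "advice: $(firehol_ipset_advice "$OLD_HELP" 'ipset v6.12.1, protocol version: 6')"
```

An unparseable version line is treated the same as an old version, so the check falls back to the empty setting rather than letting the ruleset fail to load.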

