[Firehol-support] 3.0 RC iptables-restore v1.4.14: unknown option "--update-counters"

David Touzeau david at articatech.com
Fri Apr 10 12:10:37 BST 2015


Thanks

But the main issue is our using the latest Debian version 7.8 latest 
version is 6.12.1-1
This new version is on the "testing" repository.


Le 10/04/2015 02:18, Tsaousis, Costa a écrit :
> David,
>
> I just recalled we also have support for the old ipset version.
>
> Edit /etc/firehol/firehol-defaults.conf and set this:
>
> IPSET_SRC_DST_OPTIONS=
>
> (just empty - nothing after the equal sign)
>
> You can also put this at the top of your firehol.conf.
>
> Of course the best way is to update ipset and iptables (I think you
> will also need to update your kernel).
>
> Costa
>
>
>
> On Thu, Apr 9, 2015 at 4:40 PM, Tsaousis, Costa <costa at tsaousis.gr> wrote:
>> Hi David,
>>
>> you have an old version of iptables (and probably old ipset too).
>>
>> You should update your system to use these features (you will need
>> ipset above v6.19 and the matching iptables version).
>>
>> Costa
>>
>>
>> On Thu, Apr 9, 2015 at 3:13 PM, David Touzeau <david at articatech.com> wrote:
>>> Dear
>>>
>>> Using this configuration:
>>>
>>> ipv4 ipset create proxy_white_ssl hash:ip
>>> ipv4 ipset addfile proxy_white_ssl ips proxy_ssl_whitelist
>>> ipv4 ipset create MyIPs hash:ip
>>> ipv4 ipset addfile MyIPs ips MyIPs
>>>
>>> # * * * * Transparent Proxy * * * *
>>> transparent_squid 16639 squid dst not ipset:proxy_white_ssl
>>> transparent_proxy 443 24472 squid dst not ipset:proxy_white_ssl
>>>
>>>
>>> I receive this error
>>>
>>>
>>> iptables-restore v1.4.14: unknown option "--update-counters"
>>> Error occurred at line: 147
>>> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>>>
>>> Offending line:
>>> -A PREROUTING -p tcp --sport 1024:65535 -m set ! --match-set proxy_white_ssl
>>> dst ! --update-counters ! --update-subcounters --dport 80 -j REDIRECT
>>> --to-ports 16639
>>>
>>>   FAILED
>>>
>>>
>>> How can fix it ?
>>> _______________________________________________
>>> Firehol-support mailing list
>>> Firehol-support at lists.firehol.org
>>> http://lists.firehol.org/mailman/listinfo/firehol-support




More information about the Firehol-support mailing list