[Firehol-support] Errors when running firehol

Jason Miller jason at milr.com
Sat Jan 24 17:56:47 GMT 2015 

On 09:32 Sat 24 Jan     , Phil Whineray wrote:
> Jason
> 
> On Fri, Jan 23, 2015 at 05:17:18PM -0800, Jason Miller wrote:
> > On 16:26 Fri 23 Jan     , Jason Miller wrote:
> > > On 00:04 Sat 24 Jan     , Phil Whineray wrote:
> > > > On Fri, Jan 23, 2015 at 03:26:16PM -0800, Jason Miller wrote:
> > > > > Hi Phil,
> > > > > On 22:58 Fri 23 Jan     , Phil Whineray wrote:
> > > > > > Hi Jason
> > > > > > 
> > > > > > On Fri, Jan 23, 2015 at 02:09:44PM -0800, Jason Miller wrote:
> > > > > > > I got a lot of errors the first time I tried running firehol 2.0:
> > > > > > > 
> > > > > > > 
> > > > > > > iptables: No chain/target/match by that name.
> 
> I'm a bit stumped to be honest. We can try and simplify to the minimum
> problem though.
> 
> If I clear any existing iptables, e.g.:
>   firehol stop
> 
> This command is successful for me:
>   /sbin/iptables -t filter -A OUTPUT -m conntrack --ctstate \
>      ESTABLISHED,RELATED -m helper --helper ftp -j ACCEPT
> 
> I expect that the iptables command will fail for you with the same error
> as reported via firehol.
yup
> 
> You can then try to see if it is conntrack / ftp helper / both:
>   /sbin/iptables -t filter -A OUTPUT -m conntrack --ctstate \
>      ESTABLISHED,RELATED -j ACCEPT
works
>   /sbin/iptables -t filter -A OUTPUT -m helper --helper ftp -j ACCEPT
> 
doesn't work; nf_conntrack_ftp is definitely loaded, see below
> Listing the tables, I can see all 3 rules (my output at the bottom):
>   firehol status
> 
> Regards
> Phil
Module                  Size  Used by
nf_conntrack_ftp        6015  0
ipt_REJECT              2046  1
xt_conntrack            2801  2
iptable_filter          1312  1
iptable_mangle          1408  0
ipt_MASQUERADE          1626  1
iptable_nat             2414  1
nf_conntrack_ipv4      10895  3
nf_defrag_ipv4          1179  1 nf_conntrack_ipv4
nf_nat_ipv4             3016  1 iptable_nat
nf_nat                  9127  3 ipt_MASQUERADE,nf_nat_ipv4,iptable_nat
nf_conntrack           48839  7
ipt_MASQUERADE,nf_nat,nf_nat_ipv4,xt_conntrack,nf
ath9k                  73438  0
ath9k_common            1815  1 ath9k
ath9k_hw              360745  2 ath9k_common,ath9k
ath                    13809  3 ath9k_common,ath9k,ath9k_hw
padlock_sha             5594  0
padlock_aes             4464  0
via_cputemp             3023  0
hwmon_vid               1996  1 via_cputemp
i2c_viapro              4899  0

More information about the Firehol-support mailing list