[PATCH 1/1] UBUNTU: [Jaunty] Change LPIA configuration to compile with

Stefan Bader stefan.bader at canonical.com
Tue Apr 7 15:34:10 UTC 2009 

Brad Figg wrote:
> Stefan Bader wrote:
>> Sounds sensible to have those options in sync. ACK (maybe change mad64
>> before checkin ;-))
>>
>> Brad Figg wrote:
>>> Bug: #355291
>>>
>>> The 'recent' module of iptables is broken on lpia because the kernel is
>>> compiled without CONFIG_NETFILTER_XT_MATCH_RECENT. This is a regression
>>> over Intrepid:
>>>
>>> $ grep RECENT ./config-2.6.2*
>>> ./config-2.6.27-4-lpia:CONFIG_IP_NF_MATCH_RECENT=m
>>> ./config-2.6.28-11-lpia:# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
>>>
>>> $ cat /proc/version_signature
>>> Ubuntu 2.6.28-11.40-lpia
>>> $ sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m
>>> recent --set
>>> iptables: No chain/target/match by that name
>>>
>>> Ufw uses this module when using the LIMIT command, which causes the
>>> firewall to not load on boot due to iptables-restore failing. Ufw users
>>> are only affected when using LIMIT rules.
>>>
>>> The LPIA configuration was modifified to match the NETFILTER
>>> configuration for mad64 and i386.
>>>
>>> Signed-off-by: Brad Figg <brad.figg at canonical.com>
>>> ---
>>>  debian/config/lpia/config |    7 +++++--
>>>  1 files changed, 5 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/debian/config/lpia/config b/debian/config/lpia/config
>>> index 35137bb..57f655c 100644
>>> --- a/debian/config/lpia/config
>>> +++ b/debian/config/lpia/config
>>> @@ -1854,7 +1854,7 @@ CONFIG_NETFILTER_ADVANCED=y
>>>  CONFIG_NETFILTER_NETLINK=m
>>>  CONFIG_NETFILTER_NETLINK_LOG=m
>>>  CONFIG_NETFILTER_NETLINK_QUEUE=m
>>> -# CONFIG_NETFILTER_TPROXY is not set
>>> +CONFIG_NETFILTER_TPROXY=m
>>>  CONFIG_NETFILTER_XTABLES=m
>>>  CONFIG_NETFILTER_XT_MATCH_COMMENT=m
>>>  CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
>>> @@ -1879,8 +1879,10 @@ CONFIG_NETFILTER_XT_MATCH_POLICY=m
>>>  CONFIG_NETFILTER_XT_MATCH_QUOTA=m
>>>  CONFIG_NETFILTER_XT_MATCH_RATEEST=m
>>>  CONFIG_NETFILTER_XT_MATCH_REALM=m
>>> -# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
>>> +CONFIG_NETFILTER_XT_MATCH_RECENT=m
>>> +# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
>>>  CONFIG_NETFILTER_XT_MATCH_SCTP=m
>>> +CONFIG_NETFILTER_XT_MATCH_SOCKET=m
>>>  CONFIG_NETFILTER_XT_MATCH_STATE=m
>>>  CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
>>>  CONFIG_NETFILTER_XT_MATCH_STRING=m
>>> @@ -1899,6 +1901,7 @@ CONFIG_NETFILTER_XT_TARGET_RATEEST=m
>>>  CONFIG_NETFILTER_XT_TARGET_SECMARK=m
>>>  CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
>>>  # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
>>> +CONFIG_NETFILTER_XT_TARGET_TPROXY=m
>>>  CONFIG_NETFILTER_XT_TARGET_TRACE=m
>>>  CONFIG_NETLABEL=y
>>>  CONFIG_NETPOLL=y
>>
> 
> Stefan,
> 
> Unless I'm missing something, the NETFILTER configuration options
> are the same for amd64, i386 and with this patch lpia.
> 
> Brad
> 
No, you do not miss something there. I was just nitpicking about the fact that 
you wrote mad64 instead of amd64 in the patch description.

Stefan

-- 

When all other means of communication fail, try words!

More information about the kernel-team mailing list