Hi All,
I have an issue with adding firewall rule with target REJECT.
libip6t_REJECT.c
libipt_REJECT.c
files are not complied even after adding iptables-mod-extra.
Only following modules are added in initext4.c
void init_extensions4(void)
{
libipt_DNAT_init();
libipt_LOG_init();
libipt_MASQUERADE_init();
libipt_REDIRECT_init();
libipt_SNAT_init();
libipt_icmp_init();
}
Can anybody help with the configurations.
Thanks in advance
-i is followed by interface name, not protocol
-p is for protocol
Sorry -i is TYPO,
iptables -A FORWARD -p icmp -j REJECT
iptables v1.6.2: Couldn't load target `REJECT':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Fix your build, or use a pre-built firmware from downloads.openwrt.org
Also, you may want move this post into the For Developers section instead.
Thanks @lleachii,
I would like confirm whether I am doing things right.
On debugging further i found that NR_REJECT is not set even after including CONFIG_PACKAGE_kmod-nf-reject=y
Build dir kernel config:[linux-4.1.51]
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_NF_LOG_ARP is not set
CONFIG_NF_LOG_IPV4=m
# **CONFIG_NF_REJECT_IPV4 is not set**
(Moved to the For Developers section.)
I noticed you moved it already, no need to inform me, someone will see it and assist.
Thanks All.
I could able to identify the root cause. In my environment the user config is overwritten by predefined kernel config file.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.