我在 CentOS5 32 位机器上编译ipset,遇到奇怪的错误
我的内核:
[root@localhost ipset-4.5]# uname -a
Linux localhost.localdomain 2.6.18-400.1.1.el5 #1 SMP Thu Dec 18 00:58:32 EST 2014 i686 i686 i386 GNU/Linux
IP集版本:
[root@localhost ipset-4.5]# ipset -V
ipset v4.5, protocol version 4.
Kernel module protocol version 4.
尝试创建哈希。
[root@localhost ipset-4.5]# ipset --create test macipmap --network 192.168.10.0/24
ipset v4.5: Unknown set type
我检查man示例并尝试这里但没有运气
[root@localhost ipset-4.5]# ipset -N test iphash --probes 2
ipset v4.5: Unknown set type
iptables规则:
[root@localhost ipset-4.5]# iptables -A INPUT -m set --set badips src -j DROP
iptables v1.3.5: Couldn't load match `set':/lib/iptables/libipt_set.so: cannot open shared object file: No such file or directory
iptables版本:
[root@localhost ipset-4.5]# iptables -V
iptables v1.3.5
[root@localhost ipset-4.5]# rpm -qa | grep iptables
iptables-1.3.5-9.2.el5_8
答案1
我自己找到了解决方案:
需要加载ip_set_iphash.ko内核模块。
# insmod /lib/modules/2.6.18-400.1.1.el5/extra/ip_set_iphash.ko
iptables v1.3.5 缺少库libipt_set.so来修复它,请执行以下操作:
# wget http://ftp.neu.edu.cn/mirrors/CentALT/5/i386/iptables-1.3.5-5.6.1.el5.i386.rpm
# rpm2cpio iptables-1.3.5-5.6.1.el5.i386.rpm | cpio -idmv
# cp lib/iptables/libipt_set.so /lib/iptables/libipt_set.so