iptables(addon): Missing "nf_condition"

Kernels & Hardware, configuring network, installing services

iptables(addon): Missing "nf_condition"

Postby mabra » 2019-11-09 11:47

Hallo!

I just upgraded my old firewall box (running debian squeeze ....) to new hardware
and migrating the setup. Astoundingly, my firewall setup (iptables) will no longer
work, because the "nf_condition" is missing.
So I am on a halt - I do not know, how to replace the missing module.
This module stems (so far I remember correctly) from the XTables addons,
which are not in any repositories.
It is not that easy to replace a variable-test by another script, because this
would change the rule-order!

Any help would be great!

Thanks,
Manfred
User avatar
mabra
 
Posts: 94
Joined: 2010-10-16 16:53

Re: iptables(addon): Missing "nf_condition"

Postby kedaha » 2019-11-11 22:15

mabra wrote:So I am on a halt - I do not know, how to replace the missing module.
This module stems (so far I remember correctly) from the XTables addons,
which are not in any repositories.

Hi,
Well, if you upgraded to Buster, it looks like the package would have to be backported from unstable.
Code: Select all
xtables-addons | 2.6-1         | oldoldstable   | source
xtables-addons | 2.12-0.1      | oldstable      | source
xtables-addons | 3.5-0.1       | testing        | source
xtables-addons | 3.5-0.1       | unstable       | source
xtables-addons | 3.5-0.1       | unstable-debug | source
Mate DE & OSSv4.
FreedomBox in Debian
ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 3034
Joined: 2008-05-24 12:26

Re: iptables(addon): Missing "nf_condition"

Postby kedaha » 2019-11-13 14:22

Further to my last post, to build the source.
After this you will need to run module-assistant to install the module.
Edit or add the source to /etc/apt/sources.list with a command like (modify for your mirror):
Code: Select all
# echo "deb-src http://ftp.us.debian.org/debian unstable main" >> /etc/apt/sources.list && apt-get update
# apt-get build-dep xtables-addons
# exit

Build the source as your user in /home
-b, --compile, --build
Compile source packages after downloading them. Configuration Item:
APT::Get::Compile.

Code: Select all
$ mkdir BUILD && cd BUILD
user@debian:~/BUILD$ apt-get -b source xtables-addons

When this is done use the ls command to show the resulting backported packages:
Code: Select all
user@debian:~/BUILD$ ls
xtables-addons-3.5
xtables-addons_3.5-0.1_amd64.buildinfo
xtables-addons_3.5-0.1_amd64.changes
xtables-addons_3.5-0.1.debian.tar.xz
xtables-addons_3.5-0.1.dsc
xtables-addons_3.5.orig.tar.xz
xtables-addons-common_3.5-0.1_amd64.deb
xtables-addons-common-dbgsym_3.5-0.1_amd64.deb
xtables-addons-dkms_3.5-0.1_all.deb
xtables-addons-source_3.5-0.1_all.deb

Which can be installed by executing a command like:
Code: Select all
su -c "dpkg -i ./*.deb"

If you get this:
Code: Select all
dpkg: warning: 'ldconfig' not found in PATH or not executable
dpkg: warning: 'start-stop-daemon' not found in PATH or not executable
dpkg: error: 2 expected programs not found in PATH or not executable
Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin

Then prefix the su call with the redefinition of the PATH variable:
Code: Select all
user@debian:~/BUILD$ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin su -c "dpkg -i ./*.deb"
Mate DE & OSSv4.
FreedomBox in Debian
ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 3034
Joined: 2008-05-24 12:26

Re: iptables(addon): Missing "nf_condition"

Postby mabra » 2019-11-13 22:43

Hello!
A BIG THANKS for all that work!
I'll have to do some experiments before, because I have ZFS on boot (and even this is to update first).
This is far out of my scope currently.
But I hope, I can setup a VM (lxc) to create the module.
Thank you very much!
Manfred
User avatar
mabra
 
Posts: 94
Joined: 2010-10-16 16:53

Re: iptables(addon): Missing "nf_condition"

Postby kedaha » 2019-11-14 15:26

Thanks for your topic; I'm interested in such things and am always glad to help if I can.
I hope that backporting xtables-addons solves the problem; the module installed OK on my system using module-assistant.
Mate DE & OSSv4.
FreedomBox in Debian
ispmail
Debian Stable

Words, as is well known, are the great foes of reality. Joseph Conrad.
Kedaha's Conjecture
User avatar
kedaha
 
Posts: 3034
Joined: 2008-05-24 12:26


Return to System configuration

Who is online

Users browsing this forum: No registered users and 13 guests

fashionable