kernel 2.6.17 and stealth module

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by vik » Wed Aug 30, 2006 8:58 am

Hello,
on 2.6.17.11-grsec with stealth match support enabled and iptables v1.3.5 patched with grsecurity-iptables-1.3.5.patch I got this:
iptables -A INPUT -p tcp -m stealth -j DROP
iptables: Unknown error 4294967295


The same for udp.

I don't know if it is the same thing, but it is the same error I got when using connlimit from pom. Meanwhile connlimit was upgraded to the new 2.6.17 netfilter API and works.

Thanks,
Victor
vik
 
Posts: 11
Joined: Wed Aug 30, 2006 8:44 am

Post by spender » Thu Aug 31, 2006 2:30 pm

Are you using the latest patch on the website (released on 8/28)? It has changes to the stealth module that should fix that problem. Let me know if you still experience it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by vik » Fri Sep 01, 2006 3:06 am

I recompiled with grsecurity-2.1.9-2.6.17.11-200608282236.patch, also recompiled iptables, but the same error is there. Please tell me what other information you need (kernel .config, gcc version, etc).

Thanks,
Victor

Post by spender » Fri Sep 01, 2006 11:51 am

It works properly on my system. Do you see anything in your dmesg when you get the error? From what I've seen on the netfilter list, that error is related to modules that hadn't updated to the xtables changes, which I had done in the latest 2.6 patch. Are you sure you're running the new kernel?

-Brad

Post by vik » Mon Sep 04, 2006 3:04 am

Yes, it works. I recompiled again and I found that my .config was wrong. Sorry for this and thank you for the replies.

Victor