When trying to add a firewall rule with following command
configure
set firewall name OUTSIDE-LOCAL rule 50 action reject
set firewall name OUTSIDE-LOCAL rule 50 p2p all
commit
following error is thrown
[ firewall name OUTSIDE-LOCAL ]
iptables: No chain/target/match by that name.
iptables error: No such file or directory - -m comment --comment "OUTSIDE-LOCAL-50" -m ipp2p --apple --bit --dc --edk --gnu --kazaa -j REJECT at /opt/vyatta/sbin/vyatta-firewall.pl line 609.
[[firewall name OUTSIDE-LOCAL]] failed
Commit failed
Running the following iptables command by hand also throws an error
root@test-vyos:~# iptables -t filter --insert OUTSIDE-LOCAL 6 -m comment --comment "OUTSIDE-LOCAL-50" -m ipp2p --apple --bit --dc --edk --gnu --kazaa -j REJECT
iptables: No chain/target/match by that name.
did not find the module in the netfilter directory either
root@test-vyos:~# ls -l /lib/modules/3.13.11-1-amd64-vyos/kernel/net/ipv4/netfilter/total 261
-rw-r--r-- 1 root root 27448 Feb 28 02:47 arp_tables.ko
-rw-r--r-- 1 root root 4602 Feb 28 02:47 arpt_mangle.ko
-rw-r--r-- 1 root root 5852 Feb 28 02:47 arptable_filter.ko
-rw-r--r-- 1 root root 18675 Feb 28 02:47 ipt_CLUSTERIP.ko
-rw-r--r-- 1 root root 5800 Feb 28 02:47 ipt_ECN.ko
-rw-r--r-- 1 root root 7789 Feb 28 02:47 ipt_MASQUERADE.ko
-rw-r--r-- 1 root root 7728 Feb 28 02:47 ipt_REJECT.ko
-rw-r--r-- 1 root root 11955 Feb 28 02:47 ipt_SYNPROXY.ko
-rw-r--r-- 1 root root 19551 Feb 28 02:47 ipt_ULOG.ko
-rw-r--r-- 1 root root 6612 Feb 28 02:47 ipt_ah.ko
-rw-r--r-- 1 root root 5637 Feb 28 02:47 ipt_rpfilter.ko
-rw-r--r-- 1 root root 6497 Feb 28 02:47 iptable_filter.ko
-rw-r--r-- 1 root root 6201 Feb 28 02:47 iptable_mangle.ko
-rw-r--r-- 1 root root 10122 Feb 28 02:47 iptable_nat.ko
-rw-r--r-- 1 root root 5671 Feb 28 02:47 iptable_raw.ko
-rw-r--r-- 1 root root 5902 Feb 28 02:47 iptable_security.ko
-rw-r--r-- 1 root root 35468 Feb 28 02:47 nf_conntrack_ipv4.ko
-rw-r--r-- 1 root root 5863 Feb 28 02:47 nf_defrag_ipv4.ko
-rw-r--r-- 1 root root 18825 Feb 28 02:47 nf_nat_h323.ko
-rw-r--r-- 1 root root 9388 Feb 28 02:47 nf_nat_ipv4.ko
-rw-r--r-- 1 root root 11425 Feb 28 02:47 nf_nat_pptp.ko
-rw-r--r-- 1 root root 7661 Feb 28 02:47 nf_nat_proto_gre.ko
-rw-r--r-- 1 root root 15564 Feb 28 02:47 nf_nat_snmp_basic.ko
The kernel does seem to know the module
[code]root@test-vyos:~# iptables -m ipp2p --help
… snip …
IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.
You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.
See README included with this package for more details or visit http://www.ipp2p.org
Examples:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP[/code]
We installed the 1.1.4 on the virtual box, and then ran the install image from within vyos in order to install the 1.1.5
Any help appreciated.