Update iptables and provide more extension modules

mp52
Posts: 1
Joined: Wed Jan 29, 2020 11:20 am

Update iptables and provide more extension modules

Post by mp52 »

At the current time the 4.14.x kernel supports version 1.4.13 of iptables. This lacks a number of module extensions which are useful for virtualization and other specific networking tasks. Can the kernel be updated to provide additional modules to support more extensive configuration options? Specifically, I'm thinking of the modules commonly provided by the iptables-mod-ipopt and kmod-ipt-ipopt packages under Linux. These packages include the libipt_MARK.so and xt_MARK.ko libraries, which enable use of "MARK" directives in iptables rules.
father.mande
Posts: 1810
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: Update iptables and provide more extension modules

Post by father.mande »

Hi,

The best way is to ask Asustor support to add this requirement to the "feature wanted" and obtain a response in terms of future availability.

Or, try to do it yourself
... if it's easy to create the module .ko (I have built more than 900 kernel modules with the correct signature (vermagic) ... but only a few tested)

Code:

 # modinfo xt_mark.ko
filename:       ./net/netfilter/xt_mark.ko
alias:          arpt_MARK
alias:          ip6t_MARK
alias:          ipt_MARK
alias:          ip6t_mark
alias:          ipt_mark
description:    Xtables: packet mark operations
author:         Marc Boucher <marc@mbsi.ca>
license:        GPL
srcversion:     3EC1CC89406791AEE952154
depends:
intree:         Y
name:           xt_mark
vermagic:       4.14.x SMP mod_unload modversions

It's a little more difficult to get an iptables supporting the MARK target, even if a version exists in the Entware APKG ... it needs to be tested

Code:

 # opkg info iptables
Package: iptables
Version: 1.4.21-3
Depends: libc, libssp, librt, libpthread
Status: unknown ok not-installed
Section: net
Architecture: x64-3.2
Size: 210516
Filename: iptables_1.4.21-3_x64-3.2.ipk
Description: IP firewall administration tool.

 Matches:
 - icmp
 - tcp
 - udp
 - comment
 - conntrack
 - limit
 - mac
 - mark
 - multiport
 - set
 - state
 - time

 Targets:
 - ACCEPT
 - CT
 - DNAT
 - DROP
 - REJECT
 - LOG
 - MARK
 - MASQUERADE
 - REDIRECT
 - SET
 - SNAT
 - TCPMSS

 Tables:
 - filter
 - mangle
 - nat
 - raw

The lib you require is not delivered as an independent file (but is perhaps included as statically linked).
Entware is the port of the opkg packages from the OpenWrt source on Asustor NAS.

If this doesn't work as well ... this requires building a new private version of iptables ... not difficult, but it needs testing and integration to be used in A.D.M., which is not a "pure" Linux with all the package management like a standard distribution (Ubuntu or Debian or ...).

This is just to help you in your thinking ...

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
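
Added example, not part of the original posts: a shell pre-flight check for the do-it-yourself route described above. It compares the vermagic of a self-built xt_mark.ko with that of a module shipped in the firmware and checks whether the MARK target is registered in the kernel. The sample modinfo text, the release string 4.14.0-example and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before loading a self-built xt_mark.ko.

# Print the full vermagic string from modinfo text on stdin, whitespace-normalized.
vermagic_of() {
    awk '$1 == "vermagic:" { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed only if two modinfo dumps carry the same non-empty vermagic.
# $1 = modinfo text of the new module, $2 = modinfo text of a stock module.
# Equal vermagic is necessary but not sufficient: with "modversions" the
# kernel also checks per-symbol CRCs when the module is loaded.
same_vermagic() {
    a=$(printf '%s\n' "$1" | vermagic_of)
    b=$(printf '%s\n' "$2" | vermagic_of)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if the named target is registered with the running kernel.
# $1 = target name, $2 = list file (defaults to the live /proc entry).
target_registered() {
    grep -qxF -- "$1" "${2:-/proc/net/ip_tables_targets}" 2>/dev/null
}

# Constructed sample data; "4.14.0-example" is a placeholder release.
NEW_MOD='filename:       ./net/netfilter/xt_mark.ko
name:           xt_mark
vermagic:       4.14.0-example SMP mod_unload modversions'
STOCK_MOD='name:           x_tables
vermagic:       4.14.0-example SMP mod_unload modversions'
OTHER_MOD='name:           xt_mark
vermagic:       4.14.0-example SMP preempt mod_unload'

# On a live system, replace the samples with real output, e.g.
#   NEW_MOD=$(modinfo ./xt_mark.ko); STOCK_MOD=$(modinfo x_tables)
if same_vermagic "$NEW_MOD" "$STOCK_MOD"; then
    echo "vermagic matches the stock module"
fi
if ! same_vermagic "$OTHER_MOD" "$STOCK_MOD"; then
    echo "vermagic differs from the stock module: do not load this build"
fi
if target_registered MARK; then
    echo "MARK target is registered in the kernel"
else
    echo "MARK target is not registered (module not loaded or not available)"
fi
```

The kernel check is only half of the picture: the iptables binary also needs the MARK extension, which `iptables -j MARK --help` will show if it is available.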