All times are UTC + 8 hours

Update iptables and provide more extension modules


Post by mp52 » Wed Jan 29, 2020 11:28 am

At the current time the 4.14.x kernel supports version 1.4.13 of iptables. This lacks a number of module extensions which are useful for virtualization and other specific networking tasks. Can the kernel be updated to provide additional modules to support more extensive configuration options? Specifically, I'm thinking of the modules commonly provided by the iptables-mod-ipopt and kmod-ipt-ipopt packages under Linux. These packages include the libipt_MARK.so and xt_MARK.ko libraries, which enable use of "MARK" directives in iptables rules.

Re: Update iptables and provide more extension modules

Post by father.mande » Wed Jan 29, 2020 3:58 pm

Hi,

The best way is to ask Asustor support to add this requirement in the "feature wanted" and obtain a response in terms of future availability.

or, try to do it yourself
... if it's easy to create the module .ko (I have built more than 900 kernel modules with the correct signature (vermagic) ... but only a few tested)
Code:
 # modinfo xt_mark.ko
filename:       ./net/netfilter/xt_mark.ko
alias:          arpt_MARK
alias:          ip6t_MARK
alias:          ipt_MARK
alias:          ip6t_mark
alias:          ipt_mark
description:    Xtables: packet mark operations
author:         Marc Boucher <marc@mbsi.ca>
license:        GPL
srcversion:     3EC1CC89406791AEE952154
depends:
intree:         Y
name:           xt_mark
vermagic:       4.14.x SMP mod_unload modversions

It's a little more difficult to get an iptables supporting the MARK target, even though a version exists in the Entware APKG ... needs to be tested
Code:
 # opkg info iptables
Package: iptables
Version: 1.4.21-3
Depends: libc, libssp, librt, libpthread
Status: unknown ok not-installed
Section: net
Architecture: x64-3.2
Size: 210516
Filename: iptables_1.4.21-3_x64-3.2.ipk
Description: IP firewall administration tool.

 Matches:
 - icmp
 - tcp
 - udp
 - comment
 - conntrack
 - limit
 - mac
 - mark
 - multiport
 - set
 - state
 - time

 Targets:
 - ACCEPT
 - CT
 - DNAT
 - DROP
 - REJECT
 - LOG
 - MARK
 - MASQUERADE
 - REDIRECT
 - SET
 - SNAT
 - TCPMSS

 Tables:
 - filter
 - mangle
 - nat
 - raw


The lib you require is not delivered as an independent file (but is perhaps included, statically linked).
Entware is the port of the opkg packages from the OpenWrt source to Asustor NAS.

If this doesn't work as well ... this requires building a new private version of iptables ... not difficult, but it needs testing and integration to be used in A.D.M., which is not a "pure" Linux with all the package management of a standard distribution (Ubuntu or Debian or ...).

This is just to help you in your thinking ...

Philippe.
AS5202T /AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
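
Added example, not part of either post: a pre-load check for a self-built netfilter module that parses `modinfo` output like the dump above, compares the release word of `vermagic` with the kernel release, and confirms the alias an iptables rule needs (here `ipt_MARK`). The function names and the sample version string are assumptions made for illustration; the check covers only the release word, not the remaining vermagic flags.

```shell
#!/bin/sh
# Real use (hypothetical helper names): modinfo ./xt_mark.ko | check_module "$(uname -r)" ipt_MARK

# Constructed sample in the shape of the modinfo dump above; the version is a placeholder.
sample_modinfo() {
cat <<'EOF'
filename:       ./net/netfilter/xt_mark.ko
alias:          ip6t_MARK
alias:          ipt_MARK
alias:          ipt_mark
description:    Xtables: packet mark operations
intree:         Y
name:           xt_mark
vermagic:       4.14.0-example SMP mod_unload modversions
EOF
}

# Print the value of one modinfo field (first match). $1 = field name, text on stdin.
modinfo_field() {
    awk -v key="$1:" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Succeed only if the module advertises the alias in $1. Text on stdin.
has_alias() {
    awk -v want="$1" '$1 == "alias:" && $2 == want { found = 1 } END { exit !found }'
}

# $1 = kernel release (uname -r), $2 = alias the rule depends on. Text on stdin.
# Returns 0 if loadable by this check, 1 on release mismatch, 2 on missing alias.
check_module() {
    info=$(cat)
    vermagic=$(printf '%s\n' "$info" | modinfo_field vermagic)
    release=${vermagic%% *}   # first word of vermagic is the kernel release
    if [ "$release" != "$1" ]; then
        echo "vermagic mismatch: module=$release kernel=$1"
        return 1
    fi
    if ! printf '%s\n' "$info" | has_alias "$2"; then
        echo "alias $2 not provided by module"
        return 2
    fi
    echo "ok: $(printf '%s\n' "$info" | modinfo_field name) matches $1 and provides $2"
}
```

A release mismatch is the usual reason `insmod` rejects a module built outside the vendor tree, so running this before loading avoids a failed load on the NAS.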