Iptables - ipset

I have a SLES SP3 server that I am attempting to use ipset on.

I have made a simple testing ipset using the following:

ipset -N sftpext hash:ip

That works and I am able to add IP addresses to the ipset. However, I can’t use the set in an iptables rule

iptables -A INPUT -m set --match-set sftpext src -j ACCEPT

I get the following error:

iptables: No chain/target/match by that name

Any help would be appreciated.

Well, I have good news and bad news. The good news is that I can
duplicate what you have reported trivially. The bad news, of course, is
that I cannot find a way around it. The error seems to imply that
NetFilter knows enough about what’s going on to try and find an ipset, but
then it cannot for whatever reason.

Do you have an earlier version of SLES (11 SP2, or 10 SP-whatever) where
this works? I’ve never used this option before so my experience is
limited to what I’ve done in the last hour tinkering.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…

I do not have an earlier version at this time. I am sure that I could get my hands on one though. I did test this at home on my opensuse machines (I know not apples to apples, but it is a sanity check of my command syntax) and it worked fine. I will see if I can reproduce it in an older version.

I have filed a software defect report on this issue.

What is the defect number please ?

Thanks
Hans

I don’t know what the defect number is. I just filed the report via the web form.

Hi Scott,

I found your report.

Web based bug reports are not automatically turned into bugs, but first a service request is created for the team supporting the product the bug report was written for.
They will need to confirm the bug report is indeed a bug and write the bug once confirmed.

In your case, this (internal) SR number is 10866573211 and I have assigned it.
I do have some issues with high priority to work on first, but I will test this asap and let you know how this goes.

Please do ping me directly at “hvdheuvel_at_novell_dot_com” if you have anything to add to this report.

Thanks
Hans

[QUOTE=HvdHeuvel;17538]Hi Scott,

I found your report.

Web based bug reports are not automatically turned into bugs, but first a service request is created for the team supporting the product the bug report was written for.
They will need to confirm the bug report is indeed a bug and write the bug once confirmed.

In your case, this (internal) SR number is 10866573211 and I have assigned it.
I do have some issues with high priority to work on first, but I will test this asap and let you know how this goes.

Please do ping me directly at “hvdheuvel_at_novell_dot_com” if you have anything to add to this report.

Thanks
Hans[/QUOTE]

Thanks Hans I appreciate the assistance with this bug.