2

Due to a bug (similar to this one) I'm facing with iptables in CentOS 7, I'd like to update the version of iptables.

# yum update iptables
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.coreix.net
 * epel: mirror.de.leaseweb.net
 * extras: mirrors.coreix.net
 * updates: mirrors.coreix.net
No packages marked for update
# iptables -V
iptables v1.4.21

So I figured I'd update to either the latest (from their git) or to the tagged 1.6.0.

I managed to add the libraries needed to get ./autogen.sh to run, then managed to ./configure --disable-nftables and make and make install.

Now I'm not sure how I can run this version to test it, and how to implement it if it works as the default iptables.

ericosg

3 Answers

0

How about a direct install?

yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/iptables-1.4.21-33.el7.x86_64.rpm

Ref: https://pkgs.org/search/?q=iptables

0

I've found an online article that was spot on.

If this helps anyone, the steps I took before this article were the following:

git clone git://git.netfilter.org/iptables.git
cd iptables
sudo yum install kernel-devel autoconf automake libtool

Then the online article I followed does:

./configure --prefix=/usr      \
            --sbindir=/sbin    \
            --disable-nftables \
            --enable-libipq    \
            --with-xtlibdir=/lib/xtables &&
make

sudo su

make install &&
ln -sfv ../../sbin/xtables-multi /usr/bin/iptables-xml &&

for file in ip4tc ip6tc ipq iptc xtables
do
  mv -v /usr/lib/lib${file}.so.* /lib &&
  ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so
done
ericosg
  • You actually need to rebuild the kernel to enable the extended functionality that you're looking for – Anubioz Aug 31 '16 at 13:51
  • Could you point me in the right direction? Also, you mean that even though I see v1.6.0, I'm not seeing all the fixes, as some are part of the kernel changes? – ericosg Aug 31 '16 at 14:20
  • @Anubioz, 1.6.0 says that there's no need to rebuild the kernel https://git.netfilter.org/iptables/tree/INSTALL – ericosg Sep 01 '16 at 08:24
  • I tried this on a stock Ubuntu 18.04 and ended up with broken iptables: `~ iptables --help iptables: symbol lookup error: iptables: undefined symbol: xtables_find_target_revision` – Eugene van der Merwe Jan 23 '20 at 03:01
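
A symbol lookup error like the one reported in the last comment above means the iptables binary loaded a shared library that lacks a symbol it needs. The following added example (not from the answer or the linked article) reads `ldd` output and flags iptables libraries that are unresolved or resolve outside the directory the build installed them to; the function name `check_xtables_linkage` and the sample `ldd` lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: detect a source-built iptables binary that picks up
# libraries from a different directory than the one the build installed to.
#
# stdin : output of `ldd` for the iptables binary
# $1    : directory the new libraries were installed to (assumption: the
#         answer above moves them to /lib, so /lib is used below)
# Prints one line per problem and returns 1 if any problem was found.
check_xtables_linkage() {
  awk -v dir="$1" '
    # Only look at the libraries that the iptables build itself installs.
    $1 ~ /^lib(xtables|ip4tc|ip6tc|iptc|ipq)\.so/ {
      if ($2 != "=>" || $3 == "not") {      # e.g. "libfoo.so => not found"
        print "UNRESOLVED " $1
        bad = 1
        next
      }
      libdir = $3
      sub(/\/[^\/]*$/, "", libdir)          # strip the file name, keep the directory
      if (libdir != dir) {
        print "MISMATCH " $1 " -> " $3
        bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample: libip4tc comes from /lib as intended, but libxtables
# is resolved from a distribution directory instead.
sample_ldd='    libip4tc.so.2 => /lib/libip4tc.so.2 (0x00007f0000000000)
    libxtables.so.12 => /usr/lib/x86_64-linux-gnu/libxtables.so.12 (0x00007f0000200000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'

printf '%s\n' "$sample_ldd" | check_xtables_linkage /lib \
  || echo "iptables is linked against libraries outside /lib"

# On a real host (binary path follows the --sbindir=/sbin used above):
#   ldd /sbin/xtables-multi | check_xtables_linkage /lib
```

The comparison is a plain string match on the directory `ldd` reports, so pass the path exactly as the dynamic linker resolves it on the host being checked.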
0

The Git source doesn't have a configure script in it; better to download the sources from the iptables website

wget http://www.netfilter.org/projects/iptables/files/iptables-1.8.3.tar.bz2
tar -xvf iptables-1.8.3.tar.bz2
cd iptables-1.8.3

Then follow these instructions: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/iptables.html