iptables on vti 4.1


    • iptables on vti 4.1

      hello,

      I wanted to use/install iptables on the box, so I did:

      #ipkg update
      #ipkg install iptables

      and it installed, but when I tried to use it, I get:


      # iptables -nvL
      modprobe: module ip_tables not found in modules.dep
      iptables v1.4.6: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
      Perhaps iptables or your kernel needs to be upgraded.

      what's missing here?

      # modprobe iptables
      modprobe: module iptables not found in modules.dep

      I tried:

      #depmod -a

      but that didn't help much...
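A diagnostic for the error in the post above, as an added example that is not part of the original thread: it reports whether `ip_tables` is active in the running kernel, indexed in `modules.dep`, present on disk but unindexed (the case `depmod -a` repairs), or not shipped with the image. The function names, status labels and default paths are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify why `iptables -nvL` cannot
# initialise the `filter' table. All three paths are parameters so the logic
# can be exercised against constructed files.

# Print the kernel config, whether gzip-compressed (/proc/config.gz) or plain.
read_kconfig() {
    case $1 in
        *.gz) gzip -dc "$1" 2>/dev/null ;;
        *)    cat "$1" 2>/dev/null ;;
    esac
}

# netfilter_status MODDIR PROC_TABLES KCONFIG
# Prints: loaded | module-indexed | module-unindexed | module-not-installed | missing
netfilter_status() {
    moddir=$1 proc_tables=$2 kconfig=$3

    # Present only when ip_tables is active (built in or already loaded).
    if [ -e "$proc_tables" ]; then
        echo loaded; return 0
    fi
    # modules.dep entries look like ".../netfilter/ip_tables.ko: <deps>";
    # modprobe only knows modules that are listed here.
    if grep -Eq '(^|/)ip_tables\.ko[^:/]*:' "$moddir/modules.dep" 2>/dev/null; then
        echo module-indexed; return 0      # `modprobe ip_tables` should work
    fi
    # File shipped but index stale: this is the case `depmod -a` repairs.
    if [ -n "$(find "$moddir" -name 'ip_tables.ko*' 2>/dev/null)" ]; then
        echo module-unindexed; return 0
    fi
    # Kernel was configured for the module, but the image does not ship it.
    if read_kconfig "$kconfig" | grep -q '^CONFIG_IP_NF_IPTABLES=m'; then
        echo module-not-installed; return 0
    fi
    # No module file and no config evidence: the iptables binary alone
    # cannot work without kernel support.
    echo missing
}

# Default paths for a running system.
netfilter_status "/lib/modules/$(uname -r)" /proc/net/ip_tables_names /proc/config.gz
```

A result of `module-not-installed` or `missing` means installing the userspace package alone cannot help; the kernel modules have to come with the image or a matching kernel-module package.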
    • A big 'Thanks' from me too. I just felt a little ignored ;)

      Because of this
      www.exilschwaelmer.de
      Linux is, in principle, a simple operating system.
      It takes genius, however, to recognize that simplicity.
      No support via PM.
    • Originally posted by mirel
      just use
      route add -host IP-ADDRESS reject

      for unwanted IPs ... works fine for me

      ...and wait for iptables in next image


      I'm afraid this is not what I want, it is just preventing you from reaching a certain IP destination address from your box... so for outgoing packets, which can also be replies to incoming packets, to the host you specify in the command above...

      You can still get DoS or SYN flood attacks... as the service can be reached one-way by the host specified in the command above... also you need to specify all unwanted addresses, I prefer the other way around, drop all and accept some exceptions.

      Just for information - a reject route still sends an answer (ICMP unreachable) in return, it is better to use the ip command and blackhole the route:

      ip route add blackhole <ip-addr>/<netmask>

      then the traffic is just ignored (no ICMP unreachable answer is sent back to the sender)

      What I wanted to do with iptables is firewalling and limit access from certain sources to certain services at the input chain...

      Thanks for your comment, even if I cannot use it, we are here to learn from each other ;)