Article 11834 at 08/01/30 09:57:49 From: greg.kuhnert (at mark) theanchoragesylvania.com Subject: [coba-e:11834] dfix.sh : iptables: No chain/target/match by that name (The solution)

Index: [Article Count Order] [Thread]

Date:  Wed, 30 Jan 2008 11:57:38 +1100
From:  Greg Kuhnert <greg.kuhnert (at mark) theanchoragesylvania.com>
Subject:  [coba-e:11834] dfix.sh : iptables: No chain/target/match by that name (The solution)
To:  "coba-e (at mark) bluequartz. org" <coba-e (at mark) bluequartz.org>
Cc:  =?ISO-8859-1?Q?Sp=F6rrer_Stefan?= <spoerrer (at mark) cds24.de>,        b.santee (at mark) visions-online.com
Message-Id:  <479FCB82.2080801 (at mark) theanchoragesylvania.com>
In-Reply-To:  <479ED864.8060107 (at mark) theanchoragesylvania.com>
References:  <F30433169BF91C48825BFF765CBEF6EE09045B (at mark) exchangeserver.cds.local> <479ED864.8060107 (at mark) theanchoragesylvania.com>
X-Mail-Count: 11834

The problem that was recently reported was found to be related to LCAP. 
This feature blocks the loading of dynamic modules into the kernel. This 
is a great security idea, but sometimes it can interfere with legitimate 
applications as well.

dfix uses iptables to block bad guys. Iptables loads modules for its 
rules to match the bad guys. The moral of the story: Turn off lcap, and 
dfix will work just fine.

Note: I believe you need to reboot your server after turning off lcap.

Regards,
Greg