Article 11835 at 08/01/30 10:57:34 From: bq (at mark) solarspeed.net Subject: [coba-e:11835] Re: dfix.sh : iptables: No chain/target/match by that name (The solution)

Index: [Article Count Order] [Thread]

Date:  Wed, 30 Jan 2008 02:57:18 +0100
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:11835] Re: dfix.sh : iptables: No chain/target/match by that name (The solution)
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200801300257.19483.bq (at mark) solarspeed.net>
In-Reply-To:  <479FCB82.2080801 (at mark) theanchoragesylvania.com>
References:  <F30433169BF91C48825BFF765CBEF6EE09045B (at mark) exchangeserver.cds.local> <479ED864.8060107 (at mark) theanchoragesylvania.com> <479FCB82.2080801 (at mark) theanchoragesylvania.com>
X-Mail-Count: 11835

Hi Greg,

> dfix uses iptables to block bad guys. Iptables loads modules for its
> rules to match the bad guys. The moral of the story: Turn off lcap, and
> dfix will work just fine.
>
> Note: I believe you need to reboot your server after turning off lcap.

Correct. LCAP cannot be removed at runtime. That requires a reboot. The best 
procedure for using LCAP is: 

Make sure all required kernel modules are loaded. Like: Initialize the 
firewall first. Then enable LCAP. 

-- 
With best regards,

Michael Stauber