Dear Friends, I installed CENTOS 4.4 on server. I need DROP MSN Messenger using IPTABLES, I created the rule below. $IPTABLES -A INPUT -p tcp -m string --string "x-msn-messenger" -j DROP But, When I run IPTABLES, I have received follow error: DROP -> MSN Messenger iptables v1.2.11: Couldn't load match `string':/lib/iptables/libipt_string.so: cannot open shared object file: No such file or directory Where DO I find library libipt_string ? Thanks for help. Adriano Frare
I noticed there are a lot of the "cooler" iptables match targets missing from centos. You could recompile your kernel, which is taboo and dangerous, or you could run a more firewall friendly distro. Centos makes for a great and reliable server, but it's not a firewall, it's much too heavy of a distro for a firewall imho. If you really want to proceed you'll need to check out compiling your own kernel, as well as updating the netfilter/iptables code (patch-o-matic). Gordon On 11/3/06, Adriano Frare <alfrare at e-alinux.com> wrote:> Dear Friends, > > I installed CENTOS 4.4 on server. > > I need DROP MSN Messenger using IPTABLES, I created the rule below. > > $IPTABLES -A INPUT -p tcp -m string --string "x-msn-messenger" -j DROP > > > > But, When I run IPTABLES, I have received follow error: > > DROP -> MSN Messenger > iptables v1.2.11: Couldn't load match > `string':/lib/iptables/libipt_string.so: cannot open shared object file: > No such file or directory > > > Where DO I find library libipt_string ? > > > > Thanks for help. > > > Adriano Frare > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
won't that iptables command block some legit traffic ? like a google search or something ? I remember blocking msn messenger with iptables and squid proxy, it was reliable but kinda heavy if you want to run only a firewall. Recompiling a kernel once is alright but if you have to do it on every update it can get time consuming :) anyways good luck. On Friday 03 November 2006 06:37, Adriano Frare wrote:> Dear Friends, > > I installed CENTOS 4.4 on server. > > I need DROP MSN Messenger using IPTABLES, I created the rule below. > > $IPTABLES -A INPUT -p tcp -m string --string "x-msn-messenger" -j DROP > > > > But, When I run IPTABLES, I have received follow error: > > DROP -> MSN Messenger > iptables v1.2.11: Couldn't load match > `string':/lib/iptables/libipt_string.so: cannot open shared object file: > No such file or directory > > > Where DO I find library libipt_string ? > > > > Thanks for help. > > > Adriano Frare > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-- Charles Lacroix, Administrateur UNIX. Service des t?l?communications et des technologies C?gep de Sainte-Foy (418) 659-6600 # 4266