Ubuntu
iptables package

man page talks about GeoIP country filtering... but the patch isn't installed

Bug #94151 reported by Maxime Ritter
4
Affects Status Importance Assigned to Milestone
iptables (Ubuntu)
Invalid
Undecided
Soren Hansen

Bug Description

Binary package hint: iptables

When I do man iptables, I can read :

" geoip
       Match a packet by its source or destination country.

       [!] --src-cc, --source-country country[,country,country,...]
              Match packet coming from (one of) the specified country(ies)

       [!] --dst-cc, --destination-country country[,country,country,...]
              Match packet going to (one of) the specified country(ies)
"

When I try to enable it (after installing geoip database thanks to csv2bin), I obtain :
  iptables -A INPUT --source-country A1 --log-prefix Proxy -j LOG
  iptables v1.3.3: Unknown arg `--source-country'

Maybe did someone forget to compile with this patch ? (or is the man page to recent ?).

Revision history for this message
Maxime Ritter (airmax) wrote :

Same problem with "iprange".

" iprange
       This matches on a given arbitrary range of IPv4 addresses

       [!]--src-range ip-ip
              Match source IP in the specified range.

       [!]--dst-range ip-ip
              Match destination IP in the specified range.
"

-> iptables v1.3.3: Unknown arg `--src-range'

Revision history for this message
Scott Zawalski (cowbud) wrote :

Two questions,

What manpage are you reading for iptables? I did a man iptables and I do not see any of the text you are referring to.

Second, what page did you install for iprange? I cannot find a package that contains this program.

Changed in iptables:
assignee: nobody → cowbud
status: Unconfirmed → Needs Info
Revision history for this message
Maxime Ritter (airmax) wrote :

man 8 iptables on Dapper Drake.

GeoIP wasn't maintained by upstream, its was also removed from manpage in 7.04.

iprange is a patch for netfilter, which doesn't exist as an ubuntu package. A note is now included in the feisty manpage. "(Please note: This match requires kernel support that might not be available in official Linux kernel sources or Debian’s packaged available for the specific Linux kernel source version, that support might not be enabled in the current Linux kernel binary.)"

Revision history for this message
Soren Hansen (soren) wrote :

As the iptables man page tells you, you need to add '-m geoip' or '-m iprange' to enable geoip or iprange, respectively. iprange works just fine after doing that, but geoip was never enabled. The bug in this case is that the man page still mentions it.

Changed in iptables:
assignee: cowbud → shawarma
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.