iptables raw table NOTRACK not working

Reggle

Guest
Hi all,

I'm trying to configure an entry in the iptables raw table, which is used to disable connection tracking for certain packets. Just experimenting.

The iptables raw module seems to be loaded, I even loaded it with modprobe on purpose. You can view the table:

root@xxx:~# iptables -L -v -t raw
Chain PREROUTING (policy ACCEPT 6186K packets, 5182M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 566K packets, 105M bytes)
pkts bytes target prot opt in out source destination

However, adding a rule with the well documented NOTRACK option does not work:

root@xxx:~# iptables -A PREROUTING -t raw -p udp --dport 53 -j NOTRACK
iptables: No chain/target/match by that name.

When I try it, there's also a /var/log/messages output:
Jul 18 00:26:50 cloudberry kernel: [11308958.943744] xt_NOTRACK: disagrees about version of symbol nf_conntrack_untracked
Jul 18 00:26:50 cloudberry kernel: [11308958.943751] xt_NOTRACK: Unknown symbol nf_conntrack_untracked (err -22)

My Google-fu is useless for this one. Anyone have an idea what I may be missing here?

Thanks in advance!
xxx@xxx:~$ uname -a
Linux xxx 3.2.0-4-amd64 #1 SMP Debian 3.2.65-1+deb7u1 x86_64 GNU/Linux

So it's deprecated? Any other way to make anything stateless in iptables?
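Added example, not from the original post: a small POSIX shell diagnostic for the "disagrees about version of symbol" error shown above. It assumes modinfo and uname are available and that the first token of a module's vermagic string is the kernel release the module was built for.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). The kernel log line
# "xt_NOTRACK: disagrees about version of symbol nf_conntrack_untracked"
# means the module on disk was built against a different kernel ABI than
# the one running, so iptables cannot load the target. These helpers
# check for that before blaming the rule itself.

# Compare a module's vermagic (first token = kernel release it was built
# for, e.g. "3.2.0-4-amd64 SMP mod_unload modversions") with the running
# kernel release (output of uname -r). Prints "match" or "mismatch".
vermagic_matches() {
    vermagic="$1"
    running="$2"
    built_for="${vermagic%% *}"
    if [ "$built_for" = "$running" ]; then echo match; else echo mismatch; fi
}

# Classify a kernel log line about a failed module load so a log-watching
# job can tell an ABI mismatch apart from a genuinely missing module.
classify_modload_error() {
    case "$1" in
        *"disagrees about version of symbol"*) echo symbol-version-mismatch ;;
        *"Unknown symbol"*)                    echo unknown-symbol ;;
        *)                                     echo other ;;
    esac
}

# Check an installed netfilter target module against the running kernel.
# Usage: check_target_module xt_NOTRACK
# Note: a matching vermagic with a symbol-CRC disagreement usually means
# the module files on disk were updated (new kernel package installed)
# but the machine is still running the older kernel image.
check_target_module() {
    mod="$1"
    running="$(uname -r)"
    vermagic="$(modinfo -F vermagic "$mod" 2>/dev/null)" ||
        { echo "$mod: no module found for running kernel $running"; return 1; }
    echo "$mod: $(vermagic_matches "$vermagic" "$running")" \
         "(built for ${vermagic%% *}, running $running)"
}
```

Run `check_target_module xt_NOTRACK` on the affected host; a mismatch, or a match combined with the symbol-version log line, points at a kernel/module package skew rather than at the iptables rule.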