
I recently installed the ipset rpm and kmod-ipset rpm on my CentOS (Linux 2.6.18-194.11.3.el5 i686) and tried my hand at it with the help of some examples from the internet, but when I try to have a user who tries to connect to port 443 on a remote server added automatically to the ipset ban list, I get the following error.

Commands:

    ipset -N banned_hosts iphash
    iptables -I FORWARD -p tcp --dport 443 -j SET --add-set banned_hosts src

Error:

    iptables v1.3.5: Unknown arg `--add-set'

Please help; what am I doing wrong?

  • iptables is currently at version 1.6.0, upgrade needed badly!
    – cybernard
    Commented Apr 14, 2016 at 15:13
  • I assume you have an equally horrible kernel version, 2.6.18, yes you do.
    – cybernard
    Commented Apr 14, 2016 at 15:17
  • Why are you still using this ancient version of CentOS? If the hacker realizes you're using 2.6.18 he can just exploit the kernel bash vulnerability (fixed 6+ months ago) and gain control of your system.
    – cybernard
    Commented Apr 14, 2016 at 15:35
  • Is it necessary to upgrade my full CentOS, or just use a new kernel and update iptables with a new rpm?
    – Rizwan.A
    Commented Apr 15, 2016 at 4:37

1 Answer

The command is valid, but your versions are so old they don't match. It is possible the kernel and iptables have incompatible protocol versions. You would have to at minimum download the source code and compile the new version of iptables. You need to use the make modules and modules_install command to install the new version into the running kernel. You may have to do the same for ipset. Available from netfilter.org.

  • I do not want to upgrade my full CentOS with a fresh installation, as I have been using this machine as a gateway with 5 interfaces (1 LAN, 4 ISPs) to share Internet for my users for the last 4 years. So if I use only a new version of the kernel and upgrade the iptables rpm, will this fulfil my requirements to use iptables with ipset?
    – Rizwan.A
    Commented Apr 15, 2016 at 4:39
  • Yes, if you upgrade the kernel, iptables, and ipset everything should be good. You need to add make modules && make modules_install to the usual set of make commands.
    – cybernard
    Commented Apr 15, 2016 at 14:10
