(Kim Hagen) Bug fix for 'Couldn't load target' error

Kim Hagen submitted this patch for a bug in fwsnort-1.6 where the fwsnort
policy in iptables-save format could not be loaded whenever iptables-save put
the nat table output after the filter table output.  In this case, fwsnort
would fail with an error like the following (fixed in fwsnort-1.6.1):

    Couldn't load target
    `FWSNORT_FORWARD_ESTAB':/lib/xtables/libipt_FWSNORT_FORWARD_ESTAB.so:
    cannot open shared object file: No such file or directory

fwsnort now invokes 'iptables-save -t filter' in order to ensure that
ordering issues do not affect how fwsnort builds its translated rule set.
1 parent 19625a6 commit 4cfbd3e7e29a601ac74e59031b620235ce8d76f6 @mrash committed Sep 2, 2011
Showing with 12 additions and 1 deletion.
  1. +11 −0 CREDITS
  2. +1 −1 fwsnort
11 CREDITS
@@ -65,3 +65,14 @@ Andy Rowland
Yves Pagani
- Found a bug where fwnsort could build iptables --log-prefix strings that
are longer than the underlying iptables firewall would allow.
+
+Kim Hagen
+ - Submitted a patch for a bug in fwsnort-1.6 where the fwsnort policy in
+ iptables-save format could not be loaded whenever iptables-save put the
+ nat table output after the filter table output. In this case, fwsnort
+ would fail with an error like the following (fixed in fwsnort-1.6.1):
+
+ Couldn't load target
+ `FWSNORT_FORWARD_ESTAB':/lib/xtables/libipt_FWSNORT_FORWARD_ESTAB.so:
+ cannot open shared object file: No such file or directory
+
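Review bot: the new Kim Hagen entry in CREDITS records the symptom and the fixed version but not the fix itself, so a reader of this file alone cannot tell what changed. Consider adding one line stating that fwsnort now invokes 'iptables-save -t filter'. While this block is being touched, the context line in the Yves Pagani entry spells the tool "fwnsort".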
@@ -3195,7 +3195,7 @@ sub cache_ipt_save_policy() {
return unless $is_root;
- open IPT, "$save_bin |" or die "[*] Could not execute $save_bin";
+ open IPT, "$save_bin -t filter |" or die "[*] Could not execute $save_bin";
while (<IPT>) {
push @ipt_save_lines, $_;
}
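Review bot: on the changed open line in cache_ipt_save_policy(), the command is still built as a single string and handed to the shell through two-argument open, in a path that only runs as root (return unless $is_root). Since an argument is being added anyway, the list form keeps $save_bin away from shell parsing: open my $ipt_fh, '-|', $save_bin, '-t', 'filter' or die "[*] Could not execute $save_bin: $!"; with the while loop reading from $ipt_fh. Note also that with a piped open the die only covers a failure to start the child; a failure of iptables-save itself is reported when the handle is closed, which is outside the visible context, so the close result should be checked before @ipt_save_lines is trusted.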
