| Author |
Message |
neorder
Joined: 21 Dec 2003
Posts: 28
|
| Posted: Wed Feb 11, 2004 10:59 am Post subject: APF won't start |
|
|
Hi, I use RH9 and DirectAdmin. I installed the APF firewall but it won't start; I got this:
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
I'm sure iptables is running, and I'm using a VPS which is made by UML. I supposed it's a kernel problem, so I tried to recompile Apache, but I still get the same problem in the end.
I've done some research on Google but no luck. Any idea about this issue? |
|
|
inkblot
Joined: 08 Sep 2003
Posts: 62
Location: Bucharest
|
| Posted: Wed Feb 11, 2004 11:57 am Post subject: Re: APF won't start |
|
|
neorder wrote: Hi, I use RH9 and DirectAdmin. I installed the APF firewall but it won't start; I got this:
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
I'm sure iptables is running, and I'm using a VPS which is made by UML. I supposed it's a kernel problem, so I tried to recompile Apache, but I still get the same problem in the end.
I've done some research on Google but no luck. Any idea about this issue?
The Linode kernels do not support loadable modules. All available functionality is compiled in. |
|
|
neorder
Joined: 21 Dec 2003
Posts: 28
|
| Posted: Wed Feb 11, 2004 12:56 pm Post subject: |
|
|
| Does that mean I'm unable to use APF here? |
|
|
Bill Clinton
Joined: 23 Nov 2003
Posts: 79
|
| Posted: Wed Feb 11, 2004 1:08 pm Post subject: Re: APF won't start |
|
|
inkblot wrote: The Linode kernels do not support loadable modules. All available functionality is compiled in.
This raises an interesting issue: custom kernel modules.
What are the security implications of such?
Bill Clinton |
|
|
smerritt
Joined: 18 Nov 2003
Posts: 30
|
| Posted: Wed Feb 11, 2004 1:08 pm Post subject: |
|
|
It sounds to me like APF is trying to determine whether or not it needs to load the iptables module. If there's a way to tell it not to check for iptables, the rest of it should work.
Alternately, you could try moving /sbin/lsmod somewhere else and seeing what it does. You don't need lsmod if the kernel doesn't support modules. |
|
|
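Added example (not part of the thread and not APF's own code): a check along the lines of the post above that avoids `lsmod` and reads `/proc` directly to tell a compiled-in ip_tables from a loadable one. It assumes `/proc/modules` exists only on kernels built with loadable-module support and that `/proc/net/ip_tables_names` exists once ip_tables is active; the function name `iptables_status` and its `proc_root` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not APF code. Classifies how ip_tables is provided by the
# running kernel without calling lsmod, which fails on kernels built without
# loadable-module support.
#
# Assumptions (labelled): /proc/modules exists only when the kernel supports
# loadable modules; /proc/net/ip_tables_names exists once ip_tables is active.

iptables_status() {
    # proc_root is overridable so the logic can be run against a constructed tree.
    proc_root="${1:-/proc}"

    if [ -e "$proc_root/net/ip_tables_names" ]; then
        # ip_tables is active; decide whether it came from a module or is built in.
        if [ -r "$proc_root/modules" ] &&
           grep -q '^ip_tables ' "$proc_root/modules"; then
            echo "module-loaded"
        else
            echo "builtin"
        fi
    elif [ -r "$proc_root/modules" ]; then
        # Modules are supported but ip_tables has not been loaded yet.
        echo "module-not-loaded"
    else
        # No module support and no ip_tables: packet filtering is not in this kernel.
        echo "unavailable"
    fi
}

status=$(iptables_status)
case "$status" in
    builtin)           echo "ip_tables is compiled in; no module load is needed" ;;
    module-loaded)     echo "ip_tables module is already loaded" ;;
    module-not-loaded) echo "ip_tables is not loaded; modprobe ip_tables may be required" ;;
    unavailable)       echo "ip_tables is not available in this kernel" ;;
esac
```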
smerritt
Joined: 18 Nov 2003
Posts: 30
|
| Posted: Wed Feb 11, 2004 1:16 pm Post subject: |
|
|
Quote: This raises an interesting issue: custom kernel modules.
What are the security implications of such?
Kernel module code runs as part of the kernel. There's no sandboxing or anything; the module code gets loaded into the kernel's address space with the same privileges as the kernel.
Under UML, if I could load a module, I could make my UML process do stuff on the host. At Linode, I think each UML process runs as a different unprivileged user, so there's not much risk of accessing someone's data. However, a malicious user could still do a DoS attack on the host. Something to eat all the memory, thrash the disk, or even just a fork bomb would really slow down all the Linodes on that host. |
|