Why is the libipt_time.so module missing from the iptables package shipped on Red Hat Enterprise Linux 5 and 6?


Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Issue

  • Why is the libipt_time.so module missing from the iptables package shipped on Red Hat Enterprise Linux 5 and 6?
  • Trying to create a time/date based iptables rule. The following commands are used:
iptables -A INPUT -j TIME-chain
iptables -A TIME-chain -p tcp -d 172.22.186.76 --dport 80 -m state --state NEW,ESTABLISHED -m time --timestart 09:00 --timestop 13:00 --days Mon,Tue,Wed,Thu,Fri -j ACCEPT
  • On executing the last command, the following message is displayed:
iptables v1.3.5: Couldn't load match `time':/lib64/iptables/libipt_time.so: cannot open shared object file: No such file or directory

Resolution

Workaround

  • Set up cron jobs that block the IP address for a specific period of time and unblock it for the rest of the time.
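
One way to implement this workaround, as an added example that is not Red Hat's own script: a small reconcile script run from cron that keeps the ACCEPT rule from the Issue section present only on Mon-Fri 09:00-13:00. It assumes TIME-chain already exists and that traffic to the destination is dropped when the rule is absent; the script path in the crontab comment is hypothetical.

```shell
#!/bin/sh
# Added example: keeps the article's ACCEPT rule present only Mon-Fri 09:00-13:00.
# Assumed root crontab entry (script path is hypothetical):
#   */5 * * * * /usr/local/sbin/time-rule.sh run
IPTABLES=${IPTABLES:-/sbin/iptables}
CHAIN=TIME-chain
DEST=172.22.186.76
PORT=80

# in_window DAY HHMM: true when DAY (date +%u, 1=Mon..7=Sun) is a weekday and
# HHMM is in [0900,1300). The "1" prefix avoids octal parsing of values like 0900.
in_window() {
    [ "$1" -ge 1 ] && [ "$1" -le 5 ] || return 1
    t="1$2"
    [ "$t" -ge 10900 ] && [ "$t" -lt 11300 ]
}

# rule_present: grep the chain listing instead of relying on --check,
# which iptables v1.3.5 does not provide.
rule_present() {
    $IPTABLES -n -L "$CHAIN" 2>/dev/null | grep -q "$DEST .*dpt:$PORT "
}

# reconcile DAY HHMM: add or remove the rule so it matches the clock.
# Running it every few minutes also repairs state after a reboot or a missed job.
reconcile() {
    if in_window "$1" "$2"; then
        rule_present || $IPTABLES -A "$CHAIN" -p tcp -d "$DEST" --dport "$PORT" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
    else
        # Remove every copy of the rule, in case it was appended more than once.
        while rule_present; do
            $IPTABLES -D "$CHAIN" -p tcp -d "$DEST" --dport "$PORT" \
                -m state --state NEW,ESTABLISHED -j ACCEPT || break
        done
    fi
}

# Only touch the firewall when invoked as "time-rule.sh run" (as from cron).
if [ "${1:-}" = run ]; then
    reconcile "$(date +%u)" "$(date +%H%M)"
fi
```

Because the state is recomputed from the current time on every run, the rule converges to the right state within one cron interval rather than depending on two exact start and stop jobs firing.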

Root Cause

  • iptables is a userspace application and not part of the kernel. We have not shipped the module "libipt_time.so" because the upstream maintainer did not include it. The options that are part of this module are nevertheless available in the iptables manual.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
