APF won't start

Hi, I use RH9 and DirectAdmin. I installed the APF firewall but it won't start. I got this:

lsmod: QM_MODULES: Function not implemented

Unable to load iptables module (ip_tables), aborting.

I'm sure iptables is running, and I'm using a VPS which is made by UML. I supposed it's the kernel problem, so I tried to recompile apache, but I still get the same problem in the end.

I've done some research on Google but no luck. Any idea about this issue?


8 Replies

@neorder:

> Hi, I use RH9 and DirectAdmin. I installed the APF firewall but it won't start. I got this:
>
> lsmod: QM_MODULES: Function not implemented
>
> Unable to load iptables module (ip_tables), aborting.
>
> I'm sure iptables is running, and I'm using a VPS which is made by UML. I supposed it's the kernel problem, so I tried to recompile apache, but I still get the same problem in the end.
>
> I've done some research on Google but no luck. Any idea about this issue?

The Linode kernels do not support loadable modules. All available functionality is compiled in.

Does that mean I'm unable to use APF here?



@inkblot:

> The Linode kernels do not support loadable modules. All available functionality is compiled in.

This raises an interesting issue: custom kernel modules.

What are the security implications of such?


It sounds to me like APF is trying to determine whether or not it needs to load the iptables module. If there's a way to tell it not to check for iptables, the rest of it should work.

Alternately, you could try moving /sbin/lsmod somewhere else and seeing what it does. You don't need lsmod if the kernel doesn't support modules.

> This raises an interesting issue: custom kernel modules.
>
> What are the security implications of such?

Kernel module code runs as part of the kernel. There's no sandboxing or anything; the module code gets loaded into the kernel's address space with the same privileges as the kernel.

Under UML, if I could load a module, I could make my UML process do stuff on the host. At Linode, I think each UML process runs as a different unprivileged user, so there's not much risk of accessing someone's data. However, a malicious user could still do a DoS attack on the host. Something to eat all the memory, thrash the disk, or even just a fork bomb would really slow down all the Linodes on that host.

This probably won't help the original posters, but if anyone else runs into this problem, you can fix it with the following config option in /etc/apf/conf.apf:

SET_MONOKERN="1"

This makes APF assume that all the required modules are already present without checking.
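One way to check whether this setting fits a given host, as an added example that is not part of the original thread or of APF itself: it reports whether the running kernel lacks module support and has iptables built in, then compares that with the SET_MONOKERN value in the config file. The function names are hypothetical, and using /proc/modules and /proc/net/ip_tables_names as indicators is an assumption that holds for legacy iptables kernels.

```shell
#!/bin/sh
# Added example (not APF code): does SET_MONOKERN="1" fit the running kernel?
# Function names are hypothetical; the proc root is a parameter for testing.

# "modular" if the kernel can load modules, else "monolithic".
kernel_type() {
    # /proc/modules exists only when the kernel is built with module support.
    if [ -e "${1:-/proc}/modules" ]; then echo modular; else echo monolithic; fi
}

# "yes" if ip_tables is registered in the kernel (built in or loaded).
iptables_present() {
    # Assumption: legacy iptables exposes this file once ip_tables is active.
    if [ -e "${1:-/proc}/net/ip_tables_names" ]; then echo yes; else echo no; fi
}

# Last uncommented SET_MONOKERN value in the config, or "unset".
configured_monokern() {
    val=$(sed -n 's/^[[:space:]]*SET_MONOKERN="\{0,1\}\([01]\)"\{0,1\}.*/\1/p' \
        "${1:-/etc/apf/conf.apf}" 2>/dev/null | tail -n 1)
    echo "${val:-unset}"
}

# Verdict: 0 = consistent, 1 = config should change, 2 = APF cannot work.
check_apf_monokern() {
    ktype=$(kernel_type "${1:-/proc}")
    ipt=$(iptables_present "${1:-/proc}")
    cur=$(configured_monokern "${2:-/etc/apf/conf.apf}")
    case "$ktype/$ipt/$cur" in
        modular/*)
            echo "INFO: kernel loads modules; APF's own module check applies" ;;
        monolithic/no/*)
            echo "FAIL: no module support and no ip_tables in the kernel"
            return 2 ;;
        monolithic/yes/1)
            echo "OK: monolithic kernel with ip_tables, SET_MONOKERN=1" ;;
        *)
            echo "SET: monolithic kernel with ip_tables; set SET_MONOKERN=\"1\" (found: $cur)"
            return 1 ;;
    esac
}

# Usage: check_apf_monokern /proc /etc/apf/conf.apf
```

The FAIL case matters because SET_MONOKERN="1" only skips the module check: on a kernel with neither module support nor built-in ip_tables, APF would start without any packet filtering behind it.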

@keithbucher:

> This probably won't help the original posters, but if anyone else runs into this problem, you can fix it with the following config option in /etc/apf/conf.apf:
>
> SET_MONOKERN="1"
>
> This makes APF assume that all the required modules are already present without checking.

But Linode uses Xen now, which does support loading kernel modules, so you shouldn't need to do that. You're replying to a post that's more than half a decade old.

How did you manage to get a copy of APF? rfxnetworks.com is broken and I can't seem to download anything.

I use APF on one of my older VPS's, but considering they aren't taking care of the dead links on their site, it makes me think twice before using their software.
