Topic: The kernel doesn't support the ebtables filter table.

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

Giammin

29 Nov 2005, 14:44

i have an wrt54gs v1.1 with whiterussian RC4

i need ebtables because i use router for transparent firewalling with vlan0 and vlan1 in bridge, and i don't want that dnsmasq gives ip out of my lan.

in my old firewall (an old pc with 2 lancards and linux installed) i used ebtables with this rule

ebtables -F
ebtables -A INPUT -i eth1 -d ff:ff:ff:ff:ff:ff -j DROP

and everything work fine

i installed by ipkg ebtables package in my wrt54gs but when i try to use ebtables i get this error:

root@OpenWrt:~# ebtables -A INPUT -i eth1 -d ff:ff:ff:ff:ff:ff -j DROP
The kernel doesn't support the ebtables filter table.

This are my pakages installed

root@OpenWrt:~# ipkg list_installed
base-files - 5 - OpenWrt filesystem structure and scripts
base-files-brcm - 2 - Board/architecture specific files
bridge - 1.0.6-1 - Ethernet bridging tools
busybox - 1.00-3 - Core utilities for embedded Linux systems
dnsmasq - 2.22-2 - A lightweight DNS and DHCP server
dropbear - 0.45-4 - a small SSH 2 server/client designed for small memory environments.
ebtables - 2.0.6-1 - Ethernet bridge firewalling software
haserl - 0.8.0-1 - a CGI wrapper to embed shell scripts in HTML documents
ipkg - 0.99.149-2 - lightweight package management system
iptables - 1.3.3-1 - The netfilter firewalling software for IPv4
kernel - 2.4.30-brcm-2 -
kmod-brcm-et - 2.4.30-brcm-2 - Proprietary driver for Broadcom Ethernet chipsets
kmod-brcm-wl - 2.4.30-brcm-2 - Proprietary driver for Broadcom Wireless chipsets
kmod-diag - 2.4.30-brcm-2 - Driver for Router LEDs and Buttons
kmod-ebtables - 2.4.30-brcm-2 - Ethernet bridge firewalling kernel modules
kmod-ppp - 2.4.30-brcm-2 - PPP support
kmod-pppoe - 2.4.30-brcm-2 - PPP over Ethernet support
kmod-wlcompat - 2.4.30-brcm-3 - Compatibility module for using the Wireless Extension with broadcom's wl
libgcc - 3.4.4-5 - GCC support library
libopenssl - 0.9.7i-1 - OpenSSL (Secure Socket Layer) libraries
mtd - 3 - Tool for modifying the flash chip
nvram - 1 - NVRAM utility and libraries for Broadcom hardware
openssh-sftp-server - 4.2p1-1 - OpenSSH SFTP server
ppp - 2.4.3-7 - a PPP (Point-to-Point Protocol) daemon (with MPPE/MPPC support)
ppp-mod-pppoe - 2.4.3-7 - a PPPoE (PPP over Ethernet) plugin for PPP
uclibc - 0.9.27-5 - Standard C library for embedded Linux systems
webif - 0.01-1 - A modular, extensible web interface for OpenWrt.
wificonf - 5 - Replacement utility for wlconf
wireless-tools - 28.pre7-1 - Tools for setting up WiFi cards using the Wireless Extension
zlib - 1.2.2-2 - an implementation of the deflate compression method (library)
Successfully terminated.

Any suggestion?

Post #2

Vincent Bernat

29 Nov 2005, 14:59

Giammin wrote:

i installed by ipkg ebtables package in my wrt54gs but when i try to use ebtables i get this error:
root@OpenWrt:~# ebtables -A INPUT -i eth1 -d ff:ff:ff:ff:ff:ff -j DROP
The kernel doesn't support the ebtables filter table.

Did you load ebtables modules ?
For example : ebtables ebtable_filter ebt_ip ebt_pkttype

Post #3

Giammin

29 Nov 2005, 17:07

no i don't...

but i have just read that

http://wiki.openwrt.org/TransparentFirewall wrote:

ebtables has been removed from the openWRT kernel for performance reasons, so you will need to build a custom firmware with ebtables in the kernel.

with RC4 this problem has been resolved?

do i have to build a custom firewall?

there is another why to block dhcp?

Post #4

Vincent Bernat

29 Nov 2005, 23:30

Giammin wrote:

no i don't...
but i have just read that
http://wiki.openwrt.org/TransparentFirewall wrote:
ebtables has been removed from the openWRT kernel for performance reasons, so you will need to build a custom firmware with ebtables in the kernel.
with RC4 this problem has been resolved?
do i have to build a custom firewall?
there is another why to block dhcp?

ebtables is back in RC4. Therefore, you just need to load the modules (there is no automatic module loading like what you can have with a classic Linux distribution). DHCP is just a plain IP protocol, you can use iptables to filter it (except if you want to filter a DHCP client/server running on the WRT, because of the use of LSF).

The discussion might have continued from here.

Page 1 of 1