DA-Kiss - DirectAdmin specific firewall based on Kiss v2.0

has anyone managed to get KISS to work on a debian OS? im running debian 4.0 and every time i got to run it I get:

Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!


iptables is installed I think cause I get an output of the following when using iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Click to expand...
any ideas?

ive played around with:

# Enabled this for Pre Fedora Core 2 or Red Hat
#EXTN="o"
# Enabled this for Fedore Core 2 or later
EXTN="ko"
Click to expand...

still no joy :(
 
I think you may have to recompile the kernel with those modules compiled in.

But I'm not sure :(.

Jeff
 
I could try a different firewall, anything different other than kiss?
 
hi, I have a problem with kiss. My OS is Fedora Core 6 and I fellow the first post to install kiss. When I try the Kiss start command, I received this message:

[root@220915 bin]# kiss start
Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!
[root@220915 bin]#

When I do kiss stop to flush the rules I received this:

[root@220915 bin]# kiss stop
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


DA-KISS Firewall - Stopped!

I also add my 10 IP adress to the SERVER_IPS="0.0.0.0/0" like this: SERVER_IPS="ip1.ip1.ip1.ip1 ip2.ip2.ip2.ip2 ip3.ip3.ip3.ip3 ..." without the /0

Any solutions for this. Thx all :)
 
Hi there. After looking around i decided to try out KISS. But then i got this error.I'm running VPS using Centos 5.

Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!

Is it because my admin don't install it?

when i run iptables -L it gave me:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

How can i solve this problems. Thanks
 
You should contact your VPS provider to see if they offer support for those modules. Both KISS and APF require them.

Jeff
 
Tried it, getting the same issues about the ip_tables, ipt_state, and/or ipt_multiport modules. In the script it checks, for example, for existance of the file /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ip_tables.o. I checked for it and the file exists. However, it has a .ko extention. I'm a bit shy to try and bluntly change .o into .ko in the config file, so I thought I'd ask it here first.
 
The latest version of KISS allows you to set once and it will work with either .ko or .o.

But you can safely change them.

KISS doesn't have a config file. All changes are made directly in the runfile.

Jeff

Jeff
 
So it's safe to say I don't have the latest version? Then where do I get that as KISS is now blocking my FTP traffic due to the fact that multiple .ko files are not where it expects them to be (in this case ip_conntrack_ftp.ko I guess)?
 
I can answer my own question. I seem to have the latest DA-KISS, but KISS is now in v2.1. It does still refer to the ip_conntrack_ftp file. I don't have it! I only have some nf_conntrack_ftp file, but I don't know whether that's the same.
 
Hello, i just installed KISS using jeff's version (http://www.nobaloney.net/downloads/kiss/kiss)
When trying to start it for the first time i got this error:

Code: 
Since the ip_tables, ipt_state, and/or ipt_multiport modules do not exist, KISS can not function. Firewall script aborted!

iptables is there but stopped, i stopped it yesterday when i thought it might be blocking DA, iptstate i installed with "yum install iptstate" and it seems to have worked, ipt_multiport isnt something that yum can find to install.

i ran locate on it and found something so it seems to be installed:

[root@flipper ~]# locate ipt_multiport
/lib/iptables/libipt_multiport.so
/usr/include/linux/netfilter_ipv4/ipt_multiport.h


Any ideas why KISS wont start? iptables wont start now either, it doesnt give any errors when running start or restart but when i check its status it just says Firewall is stopped.

Any help appreciated here.
 
The contents of iptables may be deleted; in CentOS boxes the file is at /etc/sysconfig/iptables.

When kiss gives us that error it's always been on a VPS box.

VPS boxes often don't have the right kernal modules actually installed, but it could be an old or specially configured kernel as well.

Jeff
 
Yeah, theres no iptables file in that directory, there is a iptables-config file there tho.

Any solution to the problem? I found these files named iptables i tried copying the first one to the directory you said and now when i try to start iptables it at least gives an error :)


Code: 
[root@flipper sysconfig]# service iptables start
Applying iptables firewall rules: iptables-restore: line 12 failed
                                                           [FAILED]


Files
/etc/rc.d/init.d/iptables
/lib/iptables
/sbin/iptables
 
You have iptables on your server. You need a set of rules that work. Mine won't work for you because they're created from kiss. Perhaps someone else can give you a set of rules that that you can try.

Anyone?

Jeff
 
Thanks for trying to help but I got some assistance from smtalk to install a firewall, he went with APF instead of KISS so i'm all set now. :)
 
I've found the issue; in the later kernel versions some modules have been replaced with newer ones: specifically modules beginning with ipt have been replaced with modules beginning with xt.

I've placed more recent versions at my download page, here.

Jeff
 
You must log in or register to reply here.
Back
Top