SLES11 SP2/SP3 - Using ipset to create user-defined IP sets for iptables results in: "No chain/target/match by that name".

This document (7014180) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 11 Service Pack 2
SUSE Linux Enterprise Server 11 Service Pack 3

Situation

Using 'ipset' to create a new user-defined IP set for use with 'iptables' results in the error:
"No chain/target/match by that name"

Resolution

This has been resolved with a PTF for the current kernel, and will be resolved in a future kernel release.

Cause

The error is caused by the fact that the iptables (user space) module ipt_set was available in the SLE kernel, but the netfilter (kernel) module xt_set was only available in the (unsupported) kernel-*-extra packages.

Additional Information

The problem can easily be duplicated using both SUSE Linux Enterprise 11 SP2 and SP3 with the iptables & ipset packages installed.

In a terminal window, type for example:
ipset -N sftpext hash:ip
and
iptables -A INPUT -m set --match-set sftpext src -j ACCEPT

This will result in the following message:
"No chain/target/match by that name"

Verifying the same IP set once again seems to indicate the IP set is valid:
ipset -N sftpext hash:ip
Results in:
ipset v6.12: Set cannot be created: set with the same name already exists
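
The split described under Cause (sets can be created, but the xt_set match module is not available) can be checked directly. The following shell sketch is an added example, not part of the SUSE document; the function names are hypothetical, and the paths in the usage comment are the usual locations, assumed here.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.
# Usage on a live system (as root, with ip_tables loaded), paths assumed:
#   diagnose_set_match "/lib/modules/$(uname -r)" /proc/net/ip_tables_matches

# module_on_disk NAME MODROOT: true if NAME.ko (optionally compressed)
# exists anywhere below MODROOT.
module_on_disk() {
    [ -n "$(find "$2" -name "$1.ko*" 2>/dev/null | head -n 1)" ]
}

# match_registered NAME FILE: true if the kernel lists NAME as a
# registered iptables match (one match name per line in FILE).
match_registered() {
    grep -qx "$1" "$2" 2>/dev/null
}

# diagnose_set_match MODROOT MATCHES_FILE
# Exit status: 0 ok, 1 loadable, 2 broken (the state this document
# describes), 3 ipset support absent altogether.
diagnose_set_match() {
    modroot=$1
    matches=$2
    if match_registered set "$matches"; then
        echo "ok: 'set' match is registered; '-m set' rules will load"
        return 0
    fi
    if module_on_disk xt_set "$modroot"; then
        echo "loadable: xt_set is on disk but the 'set' match is not registered"
        return 1
    fi
    if module_on_disk ip_set "$modroot"; then
        echo "broken: ip_set present, xt_set missing; sets can be created but '-m set' fails"
        return 2
    fi
    echo "absent: neither ip_set nor xt_set found below $modroot"
    return 3
}
```

A result of "broken" corresponds to the situation above: 'ipset -N' succeeds while the iptables rule is rejected.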

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7014180
  • Creation Date: 26-NOV-13
  • Modified Date: 02-DEC-13
    • SUSE Linux Enterprise Server