How can I upgrade my iptable version from 1.3.5 to iptable 1.4.1 ?

Posted on 2008-06-15
Last Modified: 2012-06-22
Hi Experts ,
When i try to use my iptable script command with timestart I receive
 "iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/ cannot open shared object file: No such file or directory" error.
My iptable script command :
iptables -t nat -A PREROUTING-p tcp --dport 80 --source --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
My Iptable ver : v.1.3.5
My Os : Centos 5.1
I think I should update something about my iptable and kernel.Anyone advise me how I can do both of upgrade step bey step I am quite new in linux.
Question by:mehmetinoglu
  • 5
  • 4
  • 2
LVL 19

Expert Comment

ID: 21787900 this related to the question I helped you with ? Actually you do not need an upgrade of Iptables you need to recompile your kernel with support for that module...If I am right about my first assumption tell me and I will give you another solution.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21788130
You can get iptables 1.4.1 from The iptables home page is
It was only released a few days ago. You should probably fetch and run patch-o-matic to make sure your kernel has everything that's needed by it.

Author Comment

ID: 21792961
Hi shakoush2001,
I have installed fedora 9 yesterday with kernel 2.6.25-14.fc9.i686.It's iptable's ver is iptables v1.4.0. and also same error is still existing.I think you are right.So how can I recompile my kernel with support for iptables timing module.
I tried to install support for timing in iptable but  when I try to use command  "./runme extra"  in patch-o-matic I received
Hey! KERNEL_DIR is not set.
Where is your kernel? [/usr/src/linux]
error.If this situation related to our trouble can you assist me for this.
Thanks in advance your help.
LVL 19

Expert Comment

ID: 21793101
You could simply create two scripts


those two scripts will be run by cron at two specific times and enable + disable access  at those times

The two sh files will include iptables rules to enable or disable IPs on dansguardian
if you like that approach I can help you out.

Author Comment

ID: 21794234
Thx for your advice but I can solve my trouble on temporary base with your solution.I also want to use Iptable enhanced functions especially timing.So I have to solve  "./runme extra"  in patch-o-matic problem.I am still waiting every ones suggestion on installing patch-o-matic installation ending with error "Hey! KERNEL_DIR is not set."
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

LVL 34

Expert Comment

by:Duncan Roe
ID: 21798024
Is Linux source installed on your system?
patch-o-matic will be looking in the directory /lib/modules/$(uname -r) for 2 symbolic links: "source" and "build". Check whether you have these links and verify they point to existing directories.

Author Comment

ID: 21913616
CC [M]  net/ipv4/netfilter/ipt_time.o
net/ipv4/netfilter/ipt_time.c:159: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_time.c:163: warning: initialization from incompatible pointer type

When I recompile my kernel.I receive above mentioned error.I have tested it on fedora 9,fedora8 both result with same error on kernel recompile process.
My iptable ver :iptables-1.3.8.tar
Kernel : linux-
patchomatic ver : patch-o-matic-ng-20071208
netfilter layer: netfilter-layer7-v2.16.1
Thanks in advance.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21915252
They're only warnings, it may be all right to ignore them. I can't check straight away - my (older) source is different. Will aim to check at the weekend if no-one else comes up with a definitive answer meantime

Author Comment

ID: 21922805
Thanks duncan.if you give your source version running I can also test them until weekend.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21939800
Rather mixed results. iptables1.4.1.1 (the latest) is in a new format (for iptables) with regular configure It seems patch-o-matic has not caught up with this format, because on running it, I get:

Your iptables version  is unknown for patch-o-matic at ./runme line 333

It's a little hard to see, but there are actually 2 spaces between "version" and "is". That means the scripts weren't able to determine the iptables version.

When I run patch-o-matic against iptables-1.4.0, it tells me that my kernel is up to date - no patches required.


there is no ipt_time.c patch.

Either tonight or tomorrow night, I will probe a little further. After thet, I have to go into hospital for an operation so will be off the air for a few weeks.

BTW I think you should use "timestart" instead of "--timestart": the .so fie will be called - again not there in iptables 1.4
LVL 34

Accepted Solution

Duncan Roe earned 500 total points
ID: 21939994
The 1.4.0 time module seems to be what you want. It does have a --timestart option. The latest kernel would appear to contain the code (that's what patch-o-matic said, anyway, in my previous post).
I've attached the 1.4.0 man file for your perusal. Save it to a file (called, say, myfile) then do "man ./myfile".


Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AWS RDS 3 68
linux copy files from usb to folder on system 14 60
video edge NVR Device Discovery Problem 4 34
Error Message during CentOS 7 Minimal Install 3 34
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now