How can I upgrade my iptable version from 1.3.5 to iptable 1.4.1 ?

Posted on 2008-06-15
Last Modified: 2012-06-22
Hi Experts ,
When i try to use my iptable script command with timestart I receive
 "iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/ cannot open shared object file: No such file or directory" error.
My iptable script command :
iptables -t nat -A PREROUTING-p tcp --dport 80 --source --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
My Iptable ver : v.1.3.5
My Os : Centos 5.1
I think I should update something about my iptable and kernel.Anyone advise me how I can do both of upgrade step bey step I am quite new in linux.
Question by:mehmetinoglu
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
LVL 19

Expert Comment

ID: 21787900 this related to the question I helped you with ? Actually you do not need an upgrade of Iptables you need to recompile your kernel with support for that module...If I am right about my first assumption tell me and I will give you another solution.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21788130
You can get iptables 1.4.1 from The iptables home page is
It was only released a few days ago. You should probably fetch and run patch-o-matic to make sure your kernel has everything that's needed by it.

Author Comment

ID: 21792961
Hi shakoush2001,
I have installed fedora 9 yesterday with kernel 2.6.25-14.fc9.i686.It's iptable's ver is iptables v1.4.0. and also same error is still existing.I think you are right.So how can I recompile my kernel with support for iptables timing module.
I tried to install support for timing in iptable but  when I try to use command  "./runme extra"  in patch-o-matic I received
Hey! KERNEL_DIR is not set.
Where is your kernel? [/usr/src/linux]
error.If this situation related to our trouble can you assist me for this.
Thanks in advance your help.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 19

Expert Comment

ID: 21793101
You could simply create two scripts


those two scripts will be run by cron at two specific times and enable + disable access  at those times

The two sh files will include iptables rules to enable or disable IPs on dansguardian
if you like that approach I can help you out.

Author Comment

ID: 21794234
Thx for your advice but I can solve my trouble on temporary base with your solution.I also want to use Iptable enhanced functions especially timing.So I have to solve  "./runme extra"  in patch-o-matic problem.I am still waiting every ones suggestion on installing patch-o-matic installation ending with error "Hey! KERNEL_DIR is not set."
LVL 34

Expert Comment

by:Duncan Roe
ID: 21798024
Is Linux source installed on your system?
patch-o-matic will be looking in the directory /lib/modules/$(uname -r) for 2 symbolic links: "source" and "build". Check whether you have these links and verify they point to existing directories.

Author Comment

ID: 21913616
CC [M]  net/ipv4/netfilter/ipt_time.o
net/ipv4/netfilter/ipt_time.c:159: warning: initialization from incompatible pointer type
net/ipv4/netfilter/ipt_time.c:163: warning: initialization from incompatible pointer type

When I recompile my kernel.I receive above mentioned error.I have tested it on fedora 9,fedora8 both result with same error on kernel recompile process.
My iptable ver :iptables-1.3.8.tar
Kernel : linux-
patchomatic ver : patch-o-matic-ng-20071208
netfilter layer: netfilter-layer7-v2.16.1
Thanks in advance.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21915252
They're only warnings, it may be all right to ignore them. I can't check straight away - my (older) source is different. Will aim to check at the weekend if no-one else comes up with a definitive answer meantime

Author Comment

ID: 21922805
Thanks duncan.if you give your source version running I can also test them until weekend.
LVL 34

Expert Comment

by:Duncan Roe
ID: 21939800
Rather mixed results. iptables1.4.1.1 (the latest) is in a new format (for iptables) with regular configure It seems patch-o-matic has not caught up with this format, because on running it, I get:

Your iptables version  is unknown for patch-o-matic at ./runme line 333

It's a little hard to see, but there are actually 2 spaces between "version" and "is". That means the scripts weren't able to determine the iptables version.

When I run patch-o-matic against iptables-1.4.0, it tells me that my kernel is up to date - no patches required.


there is no ipt_time.c patch.

Either tonight or tomorrow night, I will probe a little further. After thet, I have to go into hospital for an operation so will be off the air for a few weeks.

BTW I think you should use "timestart" instead of "--timestart": the .so fie will be called - again not there in iptables 1.4
LVL 34

Accepted Solution

Duncan Roe earned 500 total points
ID: 21939994
The 1.4.0 time module seems to be what you want. It does have a --timestart option. The latest kernel would appear to contain the code (that's what patch-o-matic said, anyway, in my previous post).
I've attached the 1.4.0 man file for your perusal. Save it to a file (called, say, myfile) then do "man ./myfile".


Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Join Greg Farro and Ethan Banks from Packet Pushers ( and Greg Ross from Paessler ( for a discussion about smart network …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question