Sergey Zinchenko Posted June 24, 2018 Posted June 24, 2018 Hello! I set up a firewall on the Asus Tinkerboard. I came across a very strange thing - the lack of support for the CT target in iptables. In fact, it appears that iptables has support of given target, but the required kernel module is missing. After running cat /boot/config-4.4.120-rockchip | grep NETFILTER_XT_TARGET_ST I saw the following: # CONFIG_NETFILTER_XT_TARGET_CT is not set. What the reason of that decision? It blocks ability to forward sip, ftp and some other protocols precisely. And also blocks ability to use SYNPROXY target correctly. Is it planned to include this module in the build?
Igor Posted June 24, 2018 Posted June 24, 2018 39 minutes ago, Sergey Zinchenko said: What the reason of that decision? No, there are no specific reasons. If you need something in a configuration, simply add it: https://github.com/armbian/build/blob/master/config/kernel/linux-rockchip-default.config and submit changed config. Changes come to the beta repository in 24h hours, if build succeeds, and in next major release when it's out. Rockchip kernel is under heavy changes and there are some known ongoing issues. I can't give you a warranty that this beta kernel will work as expected. ATM. Check this: https://forum.armbian.com/topic/7498-nanopc-t4/?tab=comments#comment-56635 If you don't need any video-related features, better move to a modern kernel and edit this configuration: https://github.com/armbian/build/blob/master/config/kernel/linux-rockchip-next.config if things you need are not present.
Sergey Zinchenko Posted July 4, 2018 Author Posted July 4, 2018 I have made pull request with the module required. I also added number of modules for iotop utility too you know. Thank you! 1
Sergey Zinchenko Posted August 15, 2018 Author Posted August 15, 2018 On 6/24/2018 at 9:10 PM, Igor said: No, there are no specific reasons. If you need something in a configuration, simply add it: https://github.com/armbian/build/blob/master/config/kernel/linux-rockchip-default.config and submit changed config. Changes come to the beta repository in 24h hours, if build succeeds, and in next major release when it's out. Rockchip kernel is under heavy changes and there are some known ongoing issues. I can't give you a warranty that this beta kernel will work as expected. ATM. Check this: https://forum.armbian.com/topic/7498-nanopc-t4/?tab=comments#comment-56635 If you don't need any video-related features, better move to a modern kernel and edit this configuration: https://github.com/armbian/build/blob/master/config/kernel/linux-rockchip-next.config if things you need are not present. Hi! Is the next major release planed already? What is eta?
Igor Posted August 16, 2018 Posted August 16, 2018 9 hours ago, Sergey Zinchenko said: Hi! Is the next major release planed already? What is eta? We (actually Rockchip) have big problems with RK3288 legacy kernel at the moment and AFAIK they are not completely solved. Any help is appreciated.
Recommended Posts