Jim O’Halloran’s Weblog

Published June 1st, 2004 by Jim O'Halloran

Perl IPTables::IPv4 module

I’ve had a look at the IPTables::IPv4 module from CPAN recently for a job I’m doing. I’ve had a lot of trouble getting it to compile/install on some machines, so I thought I’d share what I’ve found…

The major problems I’ve found relate to the “make test” stage of the install. Firslty, Time::HiRes isn’t listed as a dependency of IPTables::IPv4, bit it needs to be installed otherwise “make test” will fail. I also installed “Bundle::CPAN” to ensure that the modules required for building and installling other modules were present and up to date. “make test” will also fail if there are no iptables rules currently set on our machine, so set up some sample rules before you try a “make test”.

I’ve done the install on a couple of machines now, and eventually got an install working on all of them. The above represents the modules which I know defiantely have helped. On the machines where I’ve had problems I’ve also tried installling the “Error” module and “ExtUtils::MakeMaker”, they didn’t actually seem to fix the problem, but might have contributed to a working solution.

Finally, a gotcha…. Running “make test” will flush all of the existing IPTables rules before it tests. If you’re on an SSH connection this will obviously result in your connection being dropped. “make test” does back up the existing IPTables rules before flushing them, and attempts to restore them afterwards. However I’ve found that rules in the NAT table aren’t restored. I’ve had to resort to the local console to run “make test” successfuly, but there may be other ways around this.

| Post in Perl |