Estou usando um VPS de um provedor VPS que executa um kernel 2.6, RHEL com o sistema de virtualização OpenVZ. Eu quero usar o utilitário ipset para gerenciar ip sets no meu firewall iptables.
Este é o erro que estou recebendo ao criar um ipset:
mindaugas@517713:~$ sudo ipset create cf_ipv4 hash:net
ipset v6.20.1: Cannot open session to kernel.
strace do comando: link
Pergunta : é possível usar o ipset em tal máquina com essas opções? Se sim - como posso fazer isso?
Acompanhamento:
mindaugas@517713:~$ mount
/dev/simfs on / type simfs (rw,relatime,usrquota,grpquota)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
none on /dev type devtmpfs (rw,nosuid,noexec,relatime,mode=755)
none on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/cgroup type tmpfs (rw,relatime,size=4k,mode=755)
none on /run type tmpfs (rw,nosuid,noexec,relatime,size=275252k,mode=755)
none on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
none on /run/shm type tmpfs (rw,relatime)
none on /run/user type tmpfs (rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755)
Aqui está a informação relevante:
mindaugas@517713:~$ uname -r
2.6.32-042stab120.3
mindaugas@517713:~$ sudo rpm -qa
vzkernel-headers-2.6.32-042stab120.3.x86_64
mindaugas@517713:~$ ipset --help
ipset v6.20.1
Usage: ipset [options] COMMAND
mindaugas@517713:~$ sudo apt-get install xtables-addons-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
xtables-addons-common is already the newest version.
The following packages were automatically installed and are no longer required:
dmsetup grub-common grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common
libdevmapper1.02.1 libfuse2
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.