"RATEEST" and "statistic" modules are broken

Quick fix

The attachment "xtables-lm-noasneeded.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

Status changed to 'Confirmed' because the bug affects multiple users.

Patch posted by Ilya Voronin on 2012-05-05 worked for me.

so can anybody give us compiled libxt_statistic.so module?

Its easy to build your own:

$ apt-get build-dep iptables
$ apt-get build-dep iptables
$ wget https://launchpadlibrarian.net/104349144/xtables-lm-noasneeded.patch
$ cd iptables-1.4.12
$ quilt import ../xtables-lm-noasneeded.patch
$ quilt push -a
$ dpkg-buildpackage -b
$ cd ..
$ sudo dpkg -i iptables_1.4.12-1ubuntu4_amd64.deb
$ echo "iptables hold" | sudo dpkg --set-selections

...

$ apt-get build-dep iptables
$ apt-get source iptables

OK, as I see patch in another bug is released in June.
Any chance to have it in updates ? :-)

iptables (1.4.12-2ubuntu3) raring; urgency=low

  * 9007-lp982961-xtables-lm-noasneeded.patch: fix linking of RATEEST and
    statistic modules. (LP: #982961)

Date: Mon, 03 Dec 2012 11:46:39 +0000
Changed-By: Dmitrijs Ledkovs <email address hidden>
Maintainer: Ubuntu Developers <email address hidden>
https://launchpad.net/ubuntu/raring/+source/iptables/1.4.12-2ubuntu3

Uploaded into raring, but it will probably fail to build from source due to bug 1085958

Any chance to see this in Precise? It's kind of a nasty bug in an LTS. I could build the package myself, but if it will come out in -updates anyways (which I think it should) then I'd rather wait.

This bug was fixed in the package iptables - 1.4.12-2ubuntu3

---------------
iptables (1.4.12-2ubuntu3) raring; urgency=low

  * 9007-lp982961-xtables-lm-noasneeded.patch: fix linking of RATEEST and
    statistic modules. (LP: #982961)
 -- Dmitrijs Ledkovs <email address hidden> Mon, 03 Dec 2012 11:46:39 +0000

Please, release the fix for precise.

Any ETA on a proper fix for this? #6 instructions incomplete and duplicate steps

This is a major bug that has been in place for nearly a year!

Linked branches for quantal/precise to fix this issue.

Both branch uploads have been sponsored. Moving subscription from ubuntu-sponsors to ubuntu-sru.

Hello Ilya, or anyone else affected,

Accepted iptables into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/iptables/1.4.12-2ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

I have installed this in a quantal VM and can verify it does fix the issue.

Any word on the precise SRU?

Nevermind, I see both P/Q branches are pending.

This bug was fixed in the package iptables - 1.4.12-2ubuntu2.1

---------------
iptables (1.4.12-2ubuntu2.1) quantal-proposed; urgency=low

  * Add debian/patches/0002-libxt_RATEEST-link-with-lm.patch and
    debian/patches/0003-libxt_statistic-link-with-lm.patch to fix broken
    RATEEST and statistic modules. (LP: #982961)
 -- Chris J Arges <email address hidden> Wed, 30 Jan 2013 09:27:30 -0600

Hello Ilya, or anyone else affected,

Accepted iptables into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/iptables/1.4.12-1ubuntu5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Both commands no longer execute with undefined symbols.

#iptables -m RATEEST
/lib/xtables/libxt_RATEEST.so: no "RATEEST" extension found for this protocol
iptables v1.4.12: Couldn't load match `RATEEST':No such file or directory

# iptables -m statistic
iptables v1.4.12: --probability must be specified when using random mode

My other brief testing also succeeded.

when would this be released ??!!!

@sunyucong: It's waiting for bug 1074923 to be verified.

I've verified that the package here: http://launchpad.net/ubuntu/+source/iptables/1.4.12-1ubuntu5 fixes bug 982961 and bug 1074923.

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package iptables - 1.4.12-1ubuntu5

---------------
iptables (1.4.12-1ubuntu5) precise; urgency=low

  * Add debian/patches/0002-libxt_RATEEST-link-with-lm.patch and
     debian/patches/0003-libxt_statistic-link-with-lm.patch to fix broken
     RATEEST and statistic modules. (LP: #982961)
  * libxt_string: fix space around arguments. (LP: #1074923)
 -- Chris J Arges <email address hidden> Thu, 28 Feb 2013 13:41:27 -0600