iptables unknown option "-J"

infinet / xt_wgobfs

Iptables WireGuard obfuscation extension

GNU General Public License v2.0

223 stars 24 forks source link

iptables unknown option "-J" #1

Closed marek22k closed 1 year ago

marek22k commented 1 year ago

sudo iptables -t mangle -I INPUT -p udp -m udp --sport 52925 -J WGOBFS --key mysecretkey --unobfs
iptables v1.8.7 (nf_tables): unknown option "-J"
Try `iptables -h' or 'iptables --help' for more information.

OS: Debian 11 (fresh install)

infinet commented 1 year ago

Lowercase, -j

marek22k commented 1 year ago

$ sudo iptables -t mangle -I INPUT -p udp -m udp --sport 52925 -j WGOBFS --key mysecretkey --unobfs
iptables v1.8.7 (nf_tables): unknown option "--key"
Try `iptables -h' or 'iptables --help' for more information.

$ ls /usr/lib/x86_64-linux-gnu/xtables | grep libxt_WG
libxt_WGOBFS.so

infinet commented 1 year ago

Have you built and installed libxt_WGOBFS.so?

marek22k commented 1 year ago

Yes, I have.

$ ls /lib/modules/5.10.0-18-amd64/kernel/net/netfilter/ | grep xt_WG
xt_WGOBFS.ko

infinet commented 1 year ago

That is the kernel module. You also need userland. See readme.

marek22k commented 1 year ago

Userland? I only see

Run make in kernel/ to build kernel module. Copy xt_WGOBFS.ko to /lib/modules/yourkernelversion/kernel/net/netfilter/, then run depmod -a.

Run make in xtables/ to build iptables extension. Copy libxt_WGOBFS.so to xtables directory.

and I did both.

infinet commented 1 year ago

Somehow Debian 11 does not load the kernel module automatically. Need modprobe xt_WGOBFS. See updated readme.

marek22k commented 1 year ago

Works