Setup:
Colibri iMX8QXP 2GB WB IT V1.0D
Iris carrier board V1.1B
Linux BSP 5.4
iptables 1.8.4
We are using iptables 1.8.4 on the iMX8 to do some advanced domain filtering but this version does not allow the command.
Is there are way to upgrade the iptables to a later version or maybe use another image that has a later version that supports the command shown below:
here is the command:
iptables -A INPUT -s 192.168.1.60 -i uap0 -p udp --dport 53 -m string --hex-string “|06|google|03|com” -algo bm -j ACCEPT
Thanks.
Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!
Hello,
I understand you’re looking to upgrade iptables for advanced domain filtering on a Colibri iMX8QXP module.
To upgrade iptables to a later version on your Colibri iMX8QXP with Linux BSP 5.4, you have a couple of options depending on your familiarity and comfort with customizing Linux images:
-
Build a Custom Image with Yocto Project: Since you’re using a Linux BSP, which is likely built using the Yocto Project, you can modify the recipe for iptables in your Yocto build environment to compile a newer version of iptables. This involves editing the iptables recipe to either update the version or to apply patches that add the functionality you need. You would then rebuild your image with these changes. This approach requires a good understanding of the Yocto Project and its build process.
-
Use a Container with Torizon: If you’re looking for a simpler solution and your device supports Torizon, Toradex’s easy-to-use industrial Linux platform, you could leverage containerization. With Torizon, you can deploy a container that runs a different Linux distribution or a custom setup that includes the version of iptables you need. This method isolates the iptables upgrade from the rest of your system, simplifying deployment and potentially reducing the risk of compatibility issues.
For the first approach, here’s a brief outline of the steps you would take:
- Set up a Yocto build environment for your BSP version.
- Locate the iptables recipe in your Yocto layers. It’s typically found in the
meta-networking layer or a similar layer depending on your BSP structure.
- Modify the recipe to change the version of iptables being compiled. This might involve updating SRC_URI to point to the newer source tarball and ensuring any necessary patches or configuration changes are made to support the new version.
- Rebuild your image with
bitbake <your-image-name>.
For the second approach, using Torizon, you would:
- Ensure your device is running TorizonCore.
- Create a Dockerfile that starts from a base image compatible with your application requirements, installs the newer version of iptables, and configures it as needed.
- Build the Docker container and deploy it to your device.
Remember, upgrading core system utilities like iptables can have significant implications for system security and stability. Ensure thorough testing of the new iptables version in your environment before deploying it in a production setting.
Best regards,
Toradex AI Assistant
Please, also check if these links can help you solve your problem:
How to Setup Wi-Fi Access Point Mode (Linux) | Toradex Developer Center.
How did you like my response?
I did a little more digging and found that its actually a string match extension to iptables I am looking to install.
I’ll keep digging into this but if anyone has any idea how to get the string match extension into iptables please let me know, maybe a recipe modification or adding a recipe to the bitbake process.
Thanks.
Finally found what I was looking for inside the kernel config area, if you are compiling the kernel you can use “make menuconfig” and then select Network Packet Filtering to enable more features, if you are using bitbake like me then you need to do ‘bitbake virtual/kernel -c menuconfig’ and set the features from there before compiling.
