
iptables module loading and lokkit



Hello Debian firewall'ers,

I have a question that hopefully someone on this list could answer. My
Debian testing machine (up to date, kernel 2.6.8) doesn't seem to be able to
start lokkit during boot. I removed all the rc?.d/*lokkit links and tried 
to set it up manually with these results:

luppakorva:~# lsmod | grep ipt
luppakorva:~# /etc/init.d/lokkit start
Starting basic firewall rules: iptables v1.2.9: can't initialize
iptables table
`filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip_tables: (C) 2000-2002 Netfilter core team
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
failed.
luppakorva:~# lsmod | grep ipt
iptable_filter          2880  0
ip_tables              18464  1 iptable_filter
luppakorva:~# /etc/init.d/lokkit start
Starting basic firewall rules: lokkit.

To me it seems that the first '/etc/init.d/lokkit start' fails but
starts the automatic module loading process, and the following 'lokkit
start' works as expected. Is this a bug in iptables or lokkit scripts, 
or both?

I think that iptables should block until all the required modules are
loaded, so the correct place to fix this (and assign an error?) would be
iptables and not the lokkit scripts, which might of course call
'iptables -L' or something similar to load the modules before loading
the actual firewall rules.

Any other ideas or pointers?

-Mikko
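
The pre-loading workaround raised in the message above, as an added shell example that is not part of the original post, of lokkit, or of iptables: load the two modules seen in the lsmod output explicitly, then confirm the filter table is registered before any rule is applied. It assumes the kernel lists registered tables in /proc/net/ip_tables_names; the function names and the TABLE_NAMES_FILE variable are hypothetical.

```shell
#!/bin/sh
# Added example: make sure netfilter modules are loaded and the table is
# registered before firewall rules are applied, so the first rule does not
# race the kernel's automatic module loading.

# Assumption: the kernel lists registered iptables tables here, one per line.
TABLE_NAMES_FILE="${TABLE_NAMES_FILE:-/proc/net/ip_tables_names}"

# table_registered NAME: succeeds if NAME is listed as a registered table.
table_registered() {
    [ -r "$TABLE_NAMES_FILE" ] || return 1
    grep -qxF -- "$1" "$TABLE_NAMES_FILE"
}

# wait_for_table NAME [TRIES]: poll once per second until NAME is registered.
wait_for_table() {
    name=$1
    tries=${2:-5}
    while [ "$tries" -gt 0 ]; do
        if table_registered "$name"; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then
            sleep 1
        fi
    done
    return 1
}

# prepare_firewall: hypothetical helper an init script would call before
# loading its rules. Fails closed: no table, no rule loading.
prepare_firewall() {
    for mod in ip_tables iptable_filter; do
        if ! modprobe "$mod"; then
            echo "cannot load module $mod" >&2
            return 1
        fi
    done
    if ! wait_for_table filter 5; then
        echo "filter table not registered, not loading rules" >&2
        return 1
    fi
    return 0
}
```

An init script would run `prepare_firewall || exit 1` before its first iptables command, so a missing module shows up as one clear error instead of a partially loaded rule set.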


