
Re: Iptables and kernel 2.6.17 phelp needed



On Wed, 19 Jul 2006 09:11:08 +0300
chavdar <chavdar@mr-bricolage.bg> wrote:

> Dear List,
> 
> I am running Debian unstable. My current kernel is 2.6.12 and it is my
> own custom build. Following the recent security advisories, last
> night I decided to upgrade my kernel. I downloaded the Debian source
> for 2.6.17 and did my build as usual with the following commands:
> 
> # make-kpkg clean
> # make-kpkg --append-to-version -update17072006 --config oldconfig kernel_image
> 
> I installed my new kernel just as usual, rebooted and to my surprise
> during the boot I received a long list of the following errors:
> 
> iptables v1.2.11: can't initialize iptables table `filter': iptables
> who? (do you need to insmod?) 
> Perhaps iptables or your kernel needs to be upgraded.
> 
> I felt like I was in a nightmare, because I highly depend on my iptables for
> my environment. This is a home machine and my connection is not NAT-ed
> by the ISP, so I am exposed to the world.
> The first thing I did was to update iptables. Nothing changed.
> I checked the kernel config again:
> 
> # make menuconfig
> 
> I found out that most of the netfilter options are gone and that there
> are a couple of new options which I had already changed during the
> oldconfig:
> 
> CONFIG_NETFILTER=y
> # CONFIG_NETFILTER_DEBUG is not set
> CONFIG_BRIDGE_NETFILTER=y
> # CONFIG_NETFILTER_NETLINK is not set
> CONFIG_NETFILTER_XTABLES=y
> CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
> CONFIG_NETFILTER_XT_TARGET_MARK=y
> CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
> CONFIG_NETFILTER_XT_MATCH_COMMENT=y
> CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
> CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
> CONFIG_NETFILTER_XT_MATCH_DCCP=y
> CONFIG_NETFILTER_XT_MATCH_ESP=y
> CONFIG_NETFILTER_XT_MATCH_HELPER=y
> CONFIG_NETFILTER_XT_MATCH_LENGTH=y
> CONFIG_NETFILTER_XT_MATCH_LIMIT=y
> CONFIG_NETFILTER_XT_MATCH_MAC=y
> CONFIG_NETFILTER_XT_MATCH_MARK=y
> CONFIG_NETFILTER_XT_MATCH_POLICY=y
> CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
> CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
> CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
> CONFIG_NETFILTER_XT_MATCH_REALM=y
> CONFIG_NETFILTER_XT_MATCH_SCTP=y
> CONFIG_NETFILTER_XT_MATCH_STATE=y
> CONFIG_NETFILTER_XT_MATCH_STRING=y
> CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
> CONFIG_BRIDGE_EBT_T_FILTER=y
> CONFIG_PPP_FILTER=y
> 
> And that was all. Nothing else from the usual Netfilter options that I
> used to configure previously.
> 
> I started googling and only found out that there was a re-design of
> the Netfilter code in the kernel for 2.6.16 and that if I had all of
> the above options enabled, everything would be OK again. Not for me,
> though.
> 
> What else am I missing and how can I get through that and my iptables
> up again?
> 
> Your help will be highly appreciated, for at the moment I am desperate
> and very disappointed.
> 
> Best regards
> 
> Chavdar Videff

Under Networking -->
  Networking Options -->
  Network Packet Filtering -->
  IP: Network Configuration:

Do you have "IP Tables Support" (CONFIG_IP_NF_IPTABLES) turned on? I have this, and all the sub-items turned on.

As I recall, this broke for me in going from 2.6.15 to 2.6.16.

Clayton
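
One way to run the check suggested in the reply above against a kernel `.config`, as an added example that is not part of the original messages. The function names are hypothetical, and `CONFIG_IP_NF_FILTER` (the "Packet filtering" sub-item that provides the `filter` table) is not named in the thread; the sample config is constructed from a subset of the options quoted in the post.

```shell
#!/bin/sh
# Added example: report which kernel options needed for the iptables
# `filter' table are missing from a kernel .config file.

# Symbols checked. CONFIG_IP_NF_FILTER is not named in the thread; it is
# the "Packet filtering" sub-item under "IP tables support".
REQUIRED="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# kconfig_state FILE SYMBOL -> prints y, m, or n (unset or absent).
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# check_iptables_config FILE -> prints one line per symbol,
# returns 1 if any required symbol is unset.
check_iptables_config() {
    rc=0
    for sym in $REQUIRED; do
        case $(kconfig_state "$1" "$sym") in
            y) echo "$sym: built in" ;;
            m) echo "$sym: module (must be loaded before iptables runs)" ;;
            *) echo "$sym: MISSING"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: a subset of the options quoted in the post.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_iptables_config "$tmp" || echo "filter table cannot be initialised with this config"
rm -f "$tmp"
```

To check a real build, pass the `.config` from the kernel source tree to `check_iptables_config` before running `make-kpkg`.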


