Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 170667 - iptables init scripts do not load kernel modules
Summary: iptables init scripts do not load kernel modules
Status: VERIFIED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-12 22:22 UTC by Luke-Jr
Modified: 2007-03-12 23:22 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Kernel config (linux-2.6.19-gentoo-r5.config,32.10 KB, text/plain)
2007-03-12 23:04 UTC, Luke-Jr
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Luke-Jr 2007-03-12 22:22:49 UTC
* Service iptables starting
 * Loading iptables state and starting firewall ...
iptables-restore v1.3.5: iptables-restore: unable to initializetable 'filter'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more informat  [ !! ]
 * ERROR:  iptables failed to start
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 22:27:42 UTC

*** This bug has been marked as a duplicate of bug 135823 ***
Comment 2 Luke-Jr 2007-03-12 22:35:15 UTC
How is this a duplicate of that? That seems to be dealing with old modules installed. Completely different.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 22:37:55 UTC
Have a look at your dmesg output...
Comment 4 Luke-Jr 2007-03-12 22:40:13 UTC
There is no output in dmesg. The init script never even attempts to modprobe iptable_*
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 22:57:06 UTC
See, either your kernel .config and/or your saved iptables rules are completely messed up; none of those is exactly an iptables bug. Considering that you haven't included any information here, you can't expect much more. Move this to forums.gentoo.org and include relevant information there if you expect to hear something more helpful.

Comment 6 Luke-Jr 2007-03-12 22:59:45 UTC
I have included in the description EXACTLY the bug.
To spell it out clearer: the init scripts make no attempt to ensure iptables support is loaded. If I manually 'modprobe iptable_filter', everything works. The init script should load these modules as needed.
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 23:02:24 UTC
Attach your kernel .config here and post emerge --info. 
Comment 8 Luke-Jr 2007-03-12 23:04:25 UTC
Created attachment 113115 [details]
Kernel config
Comment 9 Luke-Jr 2007-03-12 23:05:19 UTC
Portage 2.1.2.2 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r5 i686)
=================================================================
System uname: 2.6.19-gentoo-r5 i686 Intel(R) Celeron(R) CPU 2.40GHz
Gentoo Base System release 1.12.9
Timestamp of tree: Thu, 08 Mar 2007 23:30:01 +0000
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol"
ARCH="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CLEAN_DELAY="5"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/terminfo"
CVS_RSH="ssh"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EDITOR="/bin/nano"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="--verbose"
EMERGE_WARNING_DELAY="10"
FEATURES="autoconfig buildpkg distlocks fixpackages metadata-transfer parallel-fetch sandbox sfperms strict userfetch userpriv usersandbox"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
GCC_SPECS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
HOME="/root"
INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/info:/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/info"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"
LINGUAS="en"
LOGNAME="root"
LS_COLORS="no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.mng=01;35:*.pcx=01;35:*.yuv=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.pdf=00;32:*.ps=00;32:*.txt=00;32:*.patch=00;32:*.diff=00;32:*.log=00;32:*.tex=00;32:*.doc=00;32:*.flac=01;35:*.mp3=01;35:*.mpc=00;36:*.ogg=00;36:*.wav=00;36:*.mid=00;36:*.midi=00;36:*.au=00;36:*.flac=00;36:*.aac=00;36:*.ra=01;36:*.mka=01;36:"
MAIL="/var/mail/luke-jr"
MAKEOPTS="-j2"
MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/man:/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/man"
OLDPWD="/boot"
PAGER="/usr/bin/less"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha ppc-macos hppa sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib/portage/bin"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_PYM_PATH="/usr/lib/portage/pym"
PORTAGE_RSYNC_EXTRA_OPTS=" --exclude=app-laptop --exclude=games-* --exclude=gnome-* --exclude=gnustep-* --exclude=kde-* --exclude=x11-* --exclude=xfce-*"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PWD="/"
PYTHONPATH="/usr/lib/portage/pym"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
RPMDIR="/usr/portage/rpm"
SHELL="/bin/bash"
SHLVL="2"
SSH_CLIENT="192.168.29.2 60760 22"
SSH_CONNECTION="192.168.29.2 60760 192.168.28.7 22"
SSH_TTY="/dev/pts/0"
STAGE1_USE="nptl nptlonly unicode"
SUDO_COMMAND="/bin/bash"
SUDO_GID="1000"
SUDO_UID="1000"
SUDO_USER="luke-jr"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
TERM="xterm"
USE="acpi apm berkdb bitmap-fonts bzip2 cli cracklib crypt curl daemon: dhcp dri fam fortran ftp gdbm gpm gui: hardware: iconv idn imap ipv6 isdnlog jabber languages: libg++ lm_sensors maildir midi mime mppe-mppc ncurses nls nptl nptlonly pam pcre perl pic ppds pppd protocol: readline reflection security: session snmp spl ssl svg system: tcpd threads truetype-fonts type1-fonts unicode usb x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mga neomagic nsc nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
USER="root"
USERLAND="GNU"
USE_EXPAND="ALSA_CARDS ALSA_PCM_PLUGINS CAMERAS CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LCD_DEVICES LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults:pkginternal"
VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mga neomagic nsc nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
XARGS="xargs -r"
_="/usr/bin/emerge"
Comment 10 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 23:17:07 UTC
# CONFIG_KMOD is not set

Normally when you have selected some parts of the kernel to                                                                            
be created as kernel modules, you must load them (using the                                                                            "modprobe" command) before you can use them. If you say Y here, some parts of the kernel will be able to load modules                                                                         automatically: when a part of the kernel needs a module, it                                                                             runs modprobe with the appropriate arguments, thereby                                                                                loading the module if it is available.  If unsure, say Y.  
Comment 11 Luke-Jr 2007-03-12 23:18:57 UTC
Isn't that part of the devfs mindset? Having the kernel detect when to load something
Comment 12 Jakub Moc (RETIRED) gentoo-dev 2007-03-12 23:22:28 UTC
(In reply to comment #11)
> Isn't that part of the devfs mindset? Having the kernel detect when to load
> something

Besides the fact that devfs support doesn't exist since kernel 2.6.13, neither udev will do such stuff since it's none of its business. iptables is not hardware; kernel will do it unless you disable it (and then you'll usually have much more serious problems than non-loading iptables).