How can I fix the iptables error message “unable to initialize table 'filter'”?-Collection of common programming errors

10 years ago
admin
7 minutes

  • user3215

    When I try to use iptables command on one of my Rackspace cloud server, I’m getting the following error.

    In an attempt to apply iptables rules with iptables-apply -t 120 /etc/iptables.rules and iptables-restore < /etc/iptables.rules I got the next error:

    FATAL: Could not load /lib/modules/2.6.32.4-rscloud/modules.dep: No such file or directory
iptables-restore v1.4.4: iptables-restore: unable to initialize table 'filter'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

    How do I fix this?

    EDIT 1:

    uname -r :

    2.6.32.4-rscloud

    modprobe /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/iptable_filter.ko :

    FATAL: Could not load /lib/modules/2.6.32.4-rscloud/modules.dep: No such file or directory

    ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/

    :

    ls: cannot access /lib/modules/2.6.32.4-rscloud/kernel/net/ipv4/netfilter/: No such file or directory

    EDIT 2:

    apt-cache search linux-image-

    * :

    alsa-base - ALSA driver configuration files
linux-image-2.6.31-14-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-14-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-14-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-302-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-9-rt - Linux kernel image for version 2.6.31 on Ingo Molnar's full real time preemption patch
linux-image-rt - Rt Linux kernel image
rt2400-source - source for rt2400 wireless network driver
rt2500-source - source for rt2500 wireless network driver
rt2570-source - source for rt2570 wireless network driver
linux-image - Generic Linux kernel image.
linux-image-2.6.31-15-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-15-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-15-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-16-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-16-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-16-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-17-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-17-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-17-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-19-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-19-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-19-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-20-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-20-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-20-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-21-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-21-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-21-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-304-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-305-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-306-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-ec2 - Linux kernel image for ec2 machines
linux-image-generic - Generic Linux kernel image
linux-image-server - Linux kernel image on Server Equipment.
linux-image-virtual - Linux kernel image for virtual machines
linux-image-2.6.31-22-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-22-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-22-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-307-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64

  • Lekensteyn

    You need to load a kernel module for enabling the filter table. Run the next command as root:

    modprobe /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/iptable_filter.ko

    (uname -r gives the current kernel version)

    For a list of available modules for iptables, list the directory containing iptables modules:

    ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/

    To get information on all modules:

    modinfo /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/*.ko

  • Francis Turner

    Another way to get proper iptables support is to install xtables-addons, you need to have quite a lot of tools to get this working though (module-assistant, build-essential etc.), but the advantage is that at the end you have ipset as well as iptables and (IMHO) using ipset as well is much better for large complex rulesets

    apt-get install xtables-addons-common

apt-get install xtables-addons-source

m-a prepare

m-a build xtables-addons

m-a install xtables-addons

  • Thomas W.

    I also use the Rackspace Cloud, with kernel 2.6.35.4-rscloud. I have multiple instances with this kernel and iptables works fine on some and I have the same problem as you on a couple others.

    Therefore I believe this kernel does have the support it needs for iptables, and the issue is caused by something else (I’m still looking for the solution myself)

    EDIT: I solved my issue by scp -r copying the /lib/modules/2.6.35.4-rscloud from the working iptables server to the non-working one.

    For some reason uname -r shows 2.6.35.4-rscloud and ls /lib/modules/ only contained the previous version like /lib/modules/2.6.31-302-rs.

    I’m not sure why this can fall out of synch, or what to do if you don’t have a working server to copy these files from, but hopefully this points you in the right direction.

    I did not need to recompile a kernel or anything like that.


  • My Pet Ocean

    I had the same error, but I found a stray comment in an unrelated article (http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-1) that identified the silly molecular error that was at fault in my case. The problem was that I had created the iptables.rules file using a text editor (Notepad++), but because the file type wasn’t recognized, Notepad++ defaulted to using Windows End-of-Line and End-of-File characters. iptables rejects these characters, requiring their Unix equivalents, and was thus throwing an error upon the first occurrence: the end of the *filter line — giving the false impression that there was something wrong with the *filter syntax. Ah, the ever-present joys of character-encoding-related errors!

    Two Solutions

    • The commenter I mentioned above installed (sudo aptitude install tofrodos) and ran (fromdos /etc/iptables.rules) a little conversion utility on the file.

    —OR—

    • What I did was, in Notepad++, Edit > EOL Conversion > UNIX Format, and then Save and re-upload the file. That took care of the End-of-Line characters, but not the End-of-File character (despite what one might expect). So once I had it uploaded to the server, I opened it up in nano and created a newline at the end of the file and saved. Then everything worked perfectly.

    It might also be possible that merely opening the file in nano and resaving, without actually changing the characters manually, would do the trick, but I haven’t tested.


  • Pierre

    It is possible that the linux kernel you are using wasn’t built with loadable module support. A good way to find out if your kernel has module support is to check the existence of the file /proc/modules. If it is there but you don’t have a /lib/modules/$(uname -r)/modules.dep file, it means that your kernel has support for modules but that they were not correctly installed. It look like your kernel was built by your provider Rackspace, you should ask them about the kernel configuration.