我该如何修复 iptables 错误消息“无法初始化表‘过滤器’”?

tag-icon tag-icon server 9.10 iptables
我该如何修复 iptables 错误消息“无法初始化表‘过滤器’”?

当我尝试在我的一个 Rackspace 云服务器上使用 iptables 命令时,出现以下错误。

在尝试应用 iptables 规则时iptables-apply -t 120 /etc/iptables.rulesiptables-restore < /etc/iptables.rules我收到以下错误:

FATAL: Could not load /lib/modules/2.6.32.4-rscloud/modules.dep: No such file or directory
iptables-restore v1.4.4: iptables-restore: unable to initialize table 'filter'

Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

我该如何解决?

编辑1

uname -r

2.6.32.4-rscloud

modprobe /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/iptable_filter.ko

FATAL: Could not load /lib/modules/2.6.32.4-rscloud/modules.dep: No such file or directory

ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/

ls: cannot access /lib/modules/2.6.32.4-rscloud/kernel/net/ipv4/netfilter/: No such file or directory

编辑2

apt-cache 搜索 linux-image-* :

alsa-base - ALSA driver configuration files
linux-image-2.6.31-14-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-14-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-14-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-302-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-9-rt - Linux kernel image for version 2.6.31 on Ingo Molnar's full real time preemption patch
linux-image-rt - Rt Linux kernel image
rt2400-source - source for rt2400 wireless network driver
rt2500-source - source for rt2500 wireless network driver
rt2570-source - source for rt2570 wireless network driver
linux-image - Generic Linux kernel image.
linux-image-2.6.31-15-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-15-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-15-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-16-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-16-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-16-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-17-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-17-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-17-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-19-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-19-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-19-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-20-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-20-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-20-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-21-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-21-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-21-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-304-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-305-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-306-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-ec2 - Linux kernel image for ec2 machines
linux-image-generic - Generic Linux kernel image
linux-image-server - Linux kernel image on Server Equipment.
linux-image-virtual - Linux kernel image for virtual machines
linux-image-2.6.31-22-generic - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-22-server - Linux kernel image for version 2.6.31 on x86_64
linux-image-2.6.31-22-virtual - Linux kernel image for version 2.6.31 on x86/x86_64
linux-image-2.6.31-307-ec2 - Linux kernel image for version 2.6.31 on x86/x86_64

答案1

您需要加载内核模块来启用过滤表。以 root 身份运行以下命令:

modprobe /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/iptable_filter.ko

uname -r给出当前内核版本)

要获取 iptables 可用模块的列表,请列出包含 iptables 模块的目录:

ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/

获取所有模块的信息:

modinfo /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/*.ko

答案2

原来只是失踪了须藤

sudo iptables-restore < /etc/iptables.rules

代替

iptables-restore < /etc/iptables.rules

答案3

我也使用 Rackspace Cloud,内核为 2.6.35.4-rscloud。我有多个使用此内核的实例,iptables 在某些实例上运行良好,在其他几个实例上我遇到了与您相同的问题。

因此我相信这个内核确实有它所需要的 iptables 支持,而这个问题是由其他原因引起的(我仍在自己寻找解决方案)

编辑:我通过scp -r将内容/lib/modules/2.6.35.4-rscloud从工作iptables服务器复制到非工作服务器来解决了我的问题。

由于某种原因,uname -r显示2.6.35.4-rscloudls /lib/modules/包含以前的版本,例如/lib/modules/2.6.31-302-rs

我不确定为什么这会不同步,或者如果你没有一个可以工作的服务器来复制这些文件该怎么办,但希望这能为你指明正确的方向。

我不需要重新编译内核或类似的东西。

答案4

获得适当 iptables 支持的另一种方法是安装 xtables-addons,虽然你需要很多工具才能使其工作(module-assistant、build-essential 等),但优点是最后你拥有 ipset 和 iptables,并且(在我看来)对于大型复杂规则集,使用 ipset 要好得多

apt-get install xtables-addons-common

apt-get install xtables-addons-source

m-a prepare

m-a build xtables-addons

m-a install xtables-addons

相关内容