升级后未找到模块 ip_tables

tag-icon tag-icon ubuntu iptables kernel upgrade kernel-modules
升级后未找到模块 ip_tables

由于我最近将 Ubuntu 服务器从 20.04 升级到 22.04,因此 Docker 出现了问题。由于模块问题,重启后 Docker 将无法再启动ip_tables

每次重启 Ubuntu 后该ip_tables模块都不可用,lsmod | grep ip仅返回:

multipath              20480  0


$ sudo iptables -L
iptables/1.8.7 Failed to initialize nft: Protocol not supported

重新安装并激活 Linux 内核模块后,ip_tables它便可用于当前启动。下次重新启动时,该模块将再次不可用,必须重新安装并再次激活它才能用于当前启动:

$ sudo apt reinstall linux-modules-$(uname -r)
[...]
Setting up linux-modules-5.15.0-41-generic (5.15.0-41.44) ...
Processing triggers for linux-image-5.15.0-41-generic (5.15.0-41.44) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.15.0-41-generic
/etc/kernel/postinst.d/zz-update-grub:
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-41-generic
Found initrd image: /boot/initrd.img-5.15.0-41-generic
Found linux image: /boot/vmlinuz-5.15.0-40-generic
Found initrd image: /boot/initrd.img-5.15.0-40-generic
Found linux image: /boot/vmlinuz-5.4.0-122-generic
Found initrd image: /boot/initrd.img-5.4.0-122-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
Scanning processes...
Scanning processor microcode...
Scanning linux images...

Running kernel seems to be up-to-date.

The processor microcode seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
$ sudo modprobe ip_tables

此后,ip_tables可以使用以下命令再次找到该模块lsmod

$ lsmod | grep ip
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
ip_tables              32768  0
x_tables               53248  7 xt_conntrack,nft_compat,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,xt_MASQUERADE
multipath              20480  0

并按sudo iptables -L预期返回 IP 表(Docker 再次正常工作)...

将 iptables 的更新选项设置为 legacy,只会导致不同的错误:

$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo iptables -L
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/5.15.0-41-generic
iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

有谁知道出了什么问题,我每次重启后都需要重新安装内核模块?

答案1

我遇到了同样的问题。

下列的这个帖子解决了这个问题。

为了了解哪些内核版本可用,我使用了。

dpkg --list | grep linux-image

答案2

我设法通过以下方式修复它:

apt-get install -y --reinstall linux-image-$(uname -r)-generic linux-image-$(uname -r)-generic

由于某种原因,ip_tables.ko 从 /lib/modules 中消失了,但通过重新安装内核和模块,它们又恢复了。运行后:

modprobe ip_tables

工作正常。

相关内容