What's with this error?
janina at rednote.net
Wed Dec 4 14:06:17 EST 2002
For the record, here's the response from the mid-atlantic linux list that I need to check out:
I should preface this by saying the experience I have with either Woody
or DEC Alpha's is only slightly above none. I've got even less for
apt-get & endoshield (I just write my scripts by hand).
However, I do know that Netfilter -- because it's part of the kernel --
can not be updated via any sort of patch or update program (e.g. RPM or,
as I understand it, apt-get.) You have to get the source & recompile
your kernel to update Netfilter (the hooks in the kernel) & you'll also
want to update iptables (the userland command.) Judging by your error,
which mentions iptables v1.2.6a, it looks like your Netfilter/iptables
needs updating (1.2.7a is current -- take a look at www.netfilter.org,
they've also got some great how-to's there.)
Also note that you can end up with multiple versions of iptables on the
same box -- watch where you put it, and make sure to use the right one
for the kernel you boot. [That one cost me a little hair first time
Toby Fisher writes:
> From: Toby Fisher <toby at tjfisher.co.uk>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Mon, 2 Dec 2002, Janina Sajka wrote:
> > I'm trying to setup some firewalling rules using the endoshield script.
> > This is on a DEC Alpha running Debian Woody with the 2.4.20 kernel. I'm
> > fully updated based on apt-get.
> > When I run the script I get:
> > /lib/modules/2.4.20/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> > ip_tables failed
> > iptables v1.2.6a: can't initialize iptables table `filter': iptables
> > who? (do you need to insmod?)
> > This happens whatever I do to /etc/init.d/iptables. -- halt, stop,
> > start, etc. Actually, "start" doesn't work, complains about an "unknown
> > rule set."
> > If I try to modprobe ip_tables, I get the same error. If I try rmmod,
> > I'm told it isn't loaded, and indeed, it doesn't show with lsmod.
> Sounds like you've got iptables compiled straight into the kernel, just
> edit the script and comment out the lines that try to load the iptables
> module. This is done so that people can have a system using either
> iptables or ipchains. I had a similar problem, but a few comments in the
> right places means that it now runs error-free.
> - --
> Toby Fisher Email: toby at tjfisher.co.uk
> Tel.: +44(0)1480 417272 Mobile: +44(0)7974 363239
> ICQ: #61744808
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.fsf.org/philosophy/no-word-attachments.html
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
> -----END PGP SIGNATURE-----
> Speakup mailing list
> Speakup at braille.uwo.ca
Janina Sajka, Director
Technology Research and Development
Governmental Relations Group
American Foundation for the Blind (AFB)
Email: janina at afb.net Phone: (202) 408-8175
More information about the Speakup