Gentoo: "can't initialize iptables table `filter'" when using iptables

Kernel Support

Check whether your kernel has support for netfilter / iptables:

zgrep -i netfilter /proc/config.gz
 CONFIG_NETFILTER=y

or

grep -i netfilter /usr/src/linux/.config
 CONFIG_NETFILTER=y

If not, then:

cp /usr/src/linux/.config /etc/linux-config.bak
 emerge --sync && USE=symlink emerge -nk genkernel gentoo-sources
 cd /usr/src/linux
 cp /etc/linux-config.bak /usr/src/linux/.config
 make menuconfig
Linux Kernel Configuration: Netfilter
For the kernel, all you must do is enable iptables support.

Networking  ---->
 Networking options  ---->
 Network Packet Filtering (replaces Ipchains)--->
 Netfilter Configuration

Or

Device Drivers  --->
 Networking support  --->
 Networking options  --->
 Network packet filtering --->
 IP: Netfilter Configuration  --->
Linux Kernel Configuration: Netfilter
For kernel 2.6.16 and later, you have to enable Xtables support first, then iptables.

Networking  ---->
 Networking options  ---->
 Network Packet Filtering (replaces Ipchains)--->
 Core Netfilter Configuration ---->
 ["enable"] Netfilter Xtables support (required for ip_tables)
 ["enable"] Netfilter Xtables_Match_State,
 most firewall scripts use state...including the sample here.
 IP: Netfilter Configuration --->
 ["enable"] IP tables support (required for filtering/masq/NAT)
 ["enable"] Packet Filtering
 IPv6: Netfilter Configuration (EXPERIMENTAL)  --->
 IP6 tables support (required for filtering/masq/NAT)

Select the IPv6 option only if you need it.

Linux Kernel Configuration: Loadable Module Support
If you intend to load iptables as a module, also make sure you have automatic kernel module loading enabled.

Loadable module support --->
 [*] Enable loadable module support [ ] ...
 [*]   Automatic kernel module loading
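
Before building, the saved config can be checked for the options enabled above. This is an added example, not part of the original post: apart from CONFIG_NETFILTER, the Kconfig symbol names are not on the page (they are the kernel's names for the menu entries above), the function names are hypothetical, and the sample config is constructed.

```shell
# Added example: report the state of the kernel options the filter table needs.
# Symbol names are the kernel's Kconfig names (assumed mapping to the menu entries).
REQUIRED="CONFIG_NETFILTER CONFIG_NETFILTER_XTABLES CONFIG_NETFILTER_XT_MATCH_STATE CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER"

# Print a kernel config, gzip-compressed (/proc/config.gz) or plain text.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# option_state FILE SYMBOL: prints builtin, module or missing
option_state() {
    val=$(read_config "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    case "$val" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# check_netfilter_config FILE: one line per symbol, returns 1 if any is missing
check_netfilter_config() {
    rc=0
    for sym in $REQUIRED; do
        state=$(option_state "$1" "$sym")
        printf '%-34s %s\n' "$sym" "$state"
        if [ "$state" = missing ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: Xtables and ip_tables are modules, the filter table is unset.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_FILTER is not set
EOF
}

# Check the file given as the first argument, e.g. /proc/config.gz
if [ -n "${1:-}" ]; then
    check_netfilter_config "$1" || echo "filter table support is incomplete"
fi
```

An option reported as "module" still has to be loaded with modprobe before iptables can use it.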

Build the kernel:

make && make modules_install

If you’re just a newbie (hence this guide) then just go ahead and enable all of the options as modules – if you don’t upgrade the kernel you won’t even have to reboot to use iptables. Enable the various target/match support options also.
Because you’ll likely want the iptables module to load every time you boot:

echo "ip_tables" >> /etc/modules.autoload.d/kernel-2.6
 echo "iptable_filter" >> /etc/modules.autoload.d/kernel-2.6
 modules-update

iptables configuration

You’ll need to get the userland utilities. Don’t forget to modprobe ip_tables and modprobe iptable_filter if you have built them as a module.

emerge iptables
