On Wed, 19 Jul 2006 09:11:08 +0300 chavdar <[EMAIL PROTECTED]> wrote:
> Dear List, > > I am running Debian unstable. My current kernel is 2.6.12 and it is my > own custom build. Following the recent security advisories, last > night I decided to upgrade my kernel. I downloaded the Debian source > for 2.6.17 and did my build as usual with the following commands: > > # make-kpkg clean > # make-kpkg --append-to-version -update17072006 --config oldconfig > kernel_image > > I installed my new kernel just as usual, rebooted and to my surprise > during the boot I received a long list of the following errors: > > iptables v1.2.11: can't initialize iptables table `filter': iptables > who? (do you need to insmod?) > Perhaps iptables or your kernel needs to be upgraded. > > I felt like in a nightmare, because I highly depend on my iptables for > my environment .This is a home machine and my connection is not NAT-ed > by the ISP, so I am exposed to the world. > The first thing I did was to update iptables. Nothing changed. > I checked the kernel config again: > > # make menuconfig > > I found out that most of the netfilter options are gone and that there > are a couple of new options which I had already changed during the > oldconfig: > > CONFIG_NETFILTER=y > # CONFIG_NETFILTER_DEBUG is not set > CONFIG_BRIDGE_NETFILTER=y > # CONFIG_NETFILTER_NETLINK is not set > CONFIG_NETFILTER_XTABLES=y > CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y > CONFIG_NETFILTER_XT_TARGET_MARK=y > CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y > CONFIG_NETFILTER_XT_MATCH_COMMENT=y > CONFIG_NETFILTER_XT_MATCH_CONNMARK=y > CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y > CONFIG_NETFILTER_XT_MATCH_DCCP=y > CONFIG_NETFILTER_XT_MATCH_ESP=y > CONFIG_NETFILTER_XT_MATCH_HELPER=y > CONFIG_NETFILTER_XT_MATCH_LENGTH=y > CONFIG_NETFILTER_XT_MATCH_LIMIT=y > CONFIG_NETFILTER_XT_MATCH_MAC=y > CONFIG_NETFILTER_XT_MATCH_MARK=y > CONFIG_NETFILTER_XT_MATCH_POLICY=y > CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y > CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y > CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y > CONFIG_NETFILTER_XT_MATCH_REALM=y > CONFIG_NETFILTER_XT_MATCH_SCTP=y > CONFIG_NETFILTER_XT_MATCH_STATE=y > CONFIG_NETFILTER_XT_MATCH_STRING=y > CONFIG_NETFILTER_XT_MATCH_TCPMSS=y > CONFIG_BRIDGE_EBT_T_FILTER=y > CONFIG_PPP_FILTER=y > > And that was all. Nothing else from the usual Netfilter options that I > used to configure previously. > > I started googling and only found out that there was a re-design of > the Netfilter code in the kernel for 2.6.16 and that if I had all of > the above options enabled, everything would be OK again. Not for me, > though. > > What else am I missing and how can I get through that and my iptables > up again? > > Your help will be highly appreciated, for at the moment I am desperate > and very disappointed. > > Best regards > > Chavdar Videff Under Networking --> Networking Options --> Network Packet Filtering --> IP: Network Configuration: Do you have "IP Tables Support" (CONFIG_IP_NF_IPTABLES) turned on? I have this, and all the sub-items turned on. As I recall, this broke for me in going from 2.6.15 to 2.6.16. Clayton -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
