Hello Debian firewall'ers,

I have a question that hopefully someone on this list could answer. My Debian testing machine (up to date, kernel 2.6.8) doesn't seem to be able to start lokkit during boot. I removed all the rc?.d/*lokkit links and tried to set it up manually with these results:

luppakorva:~# lsmod | grep ipt
luppakorva:~# /etc/init.d/lokkit start
Starting basic firewall rules: iptables v1.2.9: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip_tables: (C) 2000-2002 Netfilter core team
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
failed.
luppakorva:~# lsmod | grep ipt
iptable_filter 2880 0
ip_tables 18464 1 iptable_filter
luppakorva:~# /etc/init.d/lokkit start
Starting basic firewall rules: lokkit.

To me it seems that the first '/etc/init.d/lokkit start' fails but starts the automatic module loading process, and the following 'lokkit start' works as expected.

Is this a bug in iptables or lokkit scripts, or both? I think that iptables should block until all the required modules are loaded, so the correct place to fix this (and assign an error?) would be iptables and not the lokkit scripts, which might of course call 'iptables -L' or something similar to load the modules before loading the actual firewall rules.

Any other ideas or pointers?

-Mikko
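
A pre-flight check for the situation described above, as an added example that is not part of the original post or of the lokkit or iptables packages: it confirms that ip_tables and iptable_filter are loaded before any rules are applied, so a boot-time failure is reported instead of leaving the host without its filter rules. The function names and the MODULES_FILE and POLL_INTERVAL variables are hypothetical, and the module list is assumed to have the /proc/modules layout (module name in the first column).

```shell
#!/bin/sh
# Added example, not code from lokkit or iptables.
# Assumption: one loaded module per line, name in column 1, as in
# /proc/modules. MODULES_FILE can be overridden for testing.
MODULES_FILE="${MODULES_FILE:-/proc/modules}"

# Succeeds only if module $1 appears as an exact name in column 1.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' \
        "$MODULES_FILE" 2>/dev/null
}

# Prints the names (space separated) of the given modules that are not loaded.
missing_modules() {
    missing=""
    for m in "$@"; do
        module_loaded "$m" || missing="$missing $m"
    done
    echo "${missing# }"
}

# wait_for_modules TRIES MODULE... : polls until every module is loaded.
# Returns 0 when all are present, 1 if TRIES polls pass with one missing.
wait_for_modules() {
    tries=$1
    shift
    while [ "$tries" -gt 0 ]; do
        if [ -z "$(missing_modules "$@")" ]; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "${POLL_INTERVAL:-1}"
    done
    return 1
}

# Hypothetical init-script hook: report "ready" or name what is missing
# and return non-zero so the caller does not claim the firewall started.
firewall_preflight() {
    if wait_for_modules "${1:-5}" ip_tables iptable_filter; then
        echo "ready"
    else
        echo "missing: $(missing_modules ip_tables iptable_filter)"
        return 1
    fi
}
```

An init script would call firewall_preflight after its first iptables invocation and before loading rules, and treat a non-zero return as a failed start.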

