On 9/8/2016 2:21 PM, Tom Eastep wrote: > > > On 09/07/2016 07:05 PM, Tom Eastep wrote: > >> On 09/07/2016 05:31 PM, Richard B. Pyne wrote: >>> >>> >>> >>> # iptables -A foo -m conntrack --ctstate ESTABLISHED -j ACCEPT >>> iptables v1.4.21: can't initialize iptables table `filter': Table >>> does not exist (do you need to insmod?) Perhaps iptables or your >>> kernel needs to be upgraded. >>> >>> # iptables -A foo -m state --state ESTABLISHED -j ACCEPT iptables >>> v1.4.21: can't initialize iptables table `filter': Table does not >>> exist (do you need to insmod?) Perhaps iptables or your kernel >>> needs to be upgraded. >>> >> >> There is something very wrong with your installation. It looks as if >> module autoloading is disabled? >> > > If you have LOAD_HELPERS_ONLY=Yes in shorewall.conf, it may help if you > switch to LOAD_HELPERS_ONLY=No.
As it turned out, it was a kernel versioning issue at Digital Ocean. I didn't have the /lib/modules for the kernel version they were loading on boot. This update moved me to shorewall 5.0.8.2 which has introduced an whole new set of control file compatibility issues trying to use my config files that have been stable and working for more than a decade. I am not a fan of the changes in blacklisting. The old blacklist file was clean, straight forward, and easy to maintain. The change also makes it very difficult to share blacklists among servers running various versions of shorewall. --Richard --Richard ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
