Sandro Posted February 2, 2016 Report Share Posted February 2, 2016 Hi To All: i've a trouble with ip6tables: The error is ci74771ht ~ # /etc/init.d/ip6tables stop ip6tables | * Saving ip6tables state ... [ ok ] ip6tables | * Your kernel lacks ip6tables support, please load ip6tables | * appropriate modules and try again. ip6tables | * ERROR: ip6tables failed to stop About IPV6 in kernel i have: CONFIG_IPV6=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_IPV6_MIP6=y CONFIG_IPV6_VTI=y CONFIG_IPV6_SIT=y CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=y CONFIG_IPV6_GRE=y CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y CONFIG_IPV6_PIMSM_V2=y CONFIG_IP_VS_IPV6=y CONFIG_NF_DEFRAG_IPV6=m CONFIG_NF_CONNTRACK_IPV6=m CONFIG_NF_TABLES_IPV6=y CONFIG_NFT_CHAIN_ROUTE_IPV6=y CONFIG_NFT_REJECT_IPV6=y CONFIG_NF_REJECT_IPV6=y CONFIG_NF_LOG_IPV6=y CONFIG_NF_NAT_IPV6=m CONFIG_NFT_CHAIN_NAT_IPV6=m CONFIG_NF_NAT_MASQUERADE_IPV6=m CONFIG_NFT_MASQ_IPV6=m CONFIG_NFT_REDIR_IPV6=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_6LOWPAN_NHC_IPV6=y About Netfilter: ci74771ht ~ # grep -i netfilter /usr/src/linux-4.1.15-gentoo-r1/.config CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_NETFILTER_ADVANCED=y CONFIG_BRIDGE_NETFILTER=y # Core Netfilter Configuration CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_ACCT=y CONFIG_NETFILTER_NETLINK_QUEUE=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NETFILTER_NETLINK_QUEUE_CT=y CONFIG_NETFILTER_SYNPROXY=m CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_MARK=y CONFIG_NETFILTER_XT_CONNMARK=m CONFIG_NETFILTER_XT_SET=y CONFIG_NETFILTER_XT_TARGET_AUDIT=y CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m CONFIG_NETFILTER_XT_TARGET_CONNMARK=m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m CONFIG_NETFILTER_XT_TARGET_CT=m CONFIG_NETFILTER_XT_TARGET_DSCP=m CONFIG_NETFILTER_XT_TARGET_HL=y CONFIG_NETFILTER_XT_TARGET_HMARK=m CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=y CONFIG_NETFILTER_XT_TARGET_MARK=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NETFILTER_XT_TARGET_NETMAP=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m CONFIG_NETFILTER_XT_TARGET_NOTRACK=m CONFIG_NETFILTER_XT_TARGET_RATEEST=y CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_TEE=m CONFIG_NETFILTER_XT_TARGET_TPROXY=m CONFIG_NETFILTER_XT_TARGET_TRACE=m CONFIG_NETFILTER_XT_TARGET_SECMARK=m CONFIG_NETFILTER_XT_TARGET_TCPMSS=m CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y CONFIG_NETFILTER_XT_MATCH_BPF=y CONFIG_NETFILTER_XT_MATCH_CGROUP=y CONFIG_NETFILTER_XT_MATCH_CLUSTER=m CONFIG_NETFILTER_XT_MATCH_COMMENT=m CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m CONFIG_NETFILTER_XT_MATCH_CONNMARK=m CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m CONFIG_NETFILTER_XT_MATCH_CPU=y CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y CONFIG_NETFILTER_XT_MATCH_DSCP=y CONFIG_NETFILTER_XT_MATCH_ECN=y CONFIG_NETFILTER_XT_MATCH_ESP=y CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m CONFIG_NETFILTER_XT_MATCH_HL=y CONFIG_NETFILTER_XT_MATCH_IPCOMP=y CONFIG_NETFILTER_XT_MATCH_IPRANGE=y CONFIG_NETFILTER_XT_MATCH_IPVS=m CONFIG_NETFILTER_XT_MATCH_L2TP=y CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=y CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y CONFIG_NETFILTER_XT_MATCH_NFACCT=y CONFIG_NETFILTER_XT_MATCH_OSF=y CONFIG_NETFILTER_XT_MATCH_OWNER=y CONFIG_NETFILTER_XT_MATCH_POLICY=y CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y CONFIG_NETFILTER_XT_MATCH_QUOTA=y CONFIG_NETFILTER_XT_MATCH_RATEEST=y CONFIG_NETFILTER_XT_MATCH_REALM=y CONFIG_NETFILTER_XT_MATCH_RECENT=y CONFIG_NETFILTER_XT_MATCH_SCTP=y CONFIG_NETFILTER_XT_MATCH_SOCKET=m CONFIG_NETFILTER_XT_MATCH_STATE=m CONFIG_NETFILTER_XT_MATCH_STATISTIC=y CONFIG_NETFILTER_XT_MATCH_STRING=y CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_TIME=y CONFIG_NETFILTER_XT_MATCH_U32=y # IP: Netfilter Configuration # IPv6: Netfilter Configuration # DECnet: Netfilter Configuration # iptables trigger is under Netfilter config (LED target) ci74771ht ~ # grep -i netfilter /usr/src/linux-4.1.15-gentoo-r1/.config|grep -i ipv6 # IPv6: Netfilter Configuration How can i do to solve ? :unsure: Thanks for any suggestion :) Link to comment Share on other sites More sharing options...
cardinal Posted February 2, 2016 Report Share Posted February 2, 2016 /etc/init.d/ip6tables : ip6tables) iptables_proc="/proc/net/ip6_tables_names" checkkernel() { if [[ ! -e ${iptables_proc} ]] ; then eerror "Your kernel lacks ${iptables_name} support, please load" eerror "appropriate modules and try again." return 1 fi return 0 } modprobe ip6_tables Creates /proc/net/ip6_tables_names funtoo rj # modinfo ip6-tables filename: /lib/modules/3.16.7-ckt11-1/kernel/net/ipv6/netfilter/ip6_tables.ko description: IPv6 packet filter author: Netfilter Core Team <coreteam@netfilter.org> license: GPL depends: x_tables intree: Y vermagic: 3.16.7-ckt11-1 SMP mod_unload modversions If you don't have ip6_tables kernel module build it with CONFIG_IP6_NF_IPTABLES=m Reference: CONFIG_IP6_NF_IPTABLES: IP6 tables support (required for filtering)General informationThe Linux kernel configuration item CONFIG_IP6_NF_IPTABLES has multiple definitions:IP6 tables support (required for filtering) found in net/ipv6/netfilter/KconfigThe configuration item CONFIG_IP6_NF_IPTABLES:prompt: IP6 tables support (required for filtering)type: tristatedepends on: ( CONFIG_INET && CONFIG_IPV6 ) && ( CONFIG_NETFILTER_ADVANCED = CONFIG_n )defined in net/ipv6/netfilter/Kconfigfound in Linux kernels: 2.6.19?2.6.39, 3.0?3.19, 4.0?4.2, 4.4, 4.5-rc+HEADmodules built: ip6_tables Sandro 1 Link to comment Share on other sites More sharing options...
Sandro Posted February 3, 2016 Author Report Share Posted February 3, 2016 Ok, i've: ci74771ht ~ # find /lib/modules/ -iname *ip6_tables* /lib/modules/4.1.15-gentoo-r1/kernel/net/ipv6/netfilter/ip6_tables.ko ci74771ht ~ # Then the module isn't "autoloaded". ci74771ht ~ # modprobe ip6_tables ci74771ht ~ # /etc/init.d/ip6tables stop ip6tables | * Saving ip6tables state ... [ ok ] ip6tables | * Stopping firewall ... [ ok ] ci74771ht ~ # Ok ... module ip6_tables "added" in /etc/conf.d/modules. Solved !!!!!!! Thanks very much. Sandro 1 Link to comment Share on other sites More sharing options...
cardinal Posted February 3, 2016 Report Share Posted February 3, 2016 OpenRC Autoload ip6_tables On Boot nano /etc/conf.d/modules modules="ip6_tables" Link to comment Share on other sites More sharing options...
Sandro Posted February 5, 2016 Author Report Share Posted February 5, 2016 Exactly Cardinal .... i've made that. Thanks Great :) Link to comment Share on other sites More sharing options...
Recommended Posts