On Mon, Sep 16, 2019 at 07:17:01PM +0000, jose.nunez-zuleta(a)barclays.com wrote:
> Hello Eric,
> I'm using a custom kernel. Do you know what modules should be available? I see the
> following with lsmod:

You'll want all the iptables modules. From the errors you gave below at
least the one for the "security" table is missing,
CONFIG_IP_NF_SECURITY. Don't forget about the ip6tables equivalent,
CONFIG_IP6_NF_SECURITY.

There were fixes in v0.6.4 and v0.7.0 that avoid using iptables tables
that aren't available. Not all of them are strictly necessary. Maybe you
can try upgrading firewalld.

> [root@X ~]# lsmod|egrep iptable
> iptable_nat 16384 0
> nf_nat_ipv4 16384 1 iptable_nat
> iptable_mangle 16384 0
> iptable_raw 16384 0
> I checked 'https://www.linuxtopia.org/Linux_Firewall_iptables/x651.html' and at
> least for IP tables the following were required for the Kernel:
> CONFIG_PACKET
> CONFIG_NETFILTER
> CONFIG_IP_NF_CONNTRACK
> CONFIG_IP_NF_FTP
> CONFIG_IP_NF_IRC
> CONFIG_IP_NF_IPTABLES
> CONFIG_IP_NF_FILTER
> CONFIG_IP_NF_NAT
> CONFIG_IP_NF_MATCH_STATE
> CONFIG_IP_NF_TARGET_LOG
> CONFIG_IP_NF_MATCH_LIMIT
> CONFIG_IP_NF_TARGET_MASQUERADE
> But I cannot figure out where is the '.config' file that tells what options were
> used to compile this kernel.

Sometimes it's available via /proc/config. Otherwise it may be in
/boot/config-*.
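
The check discussed in this thread, as an added example that is not part of the original messages: it reads a kernel build config and reports, per iptables/ip6tables table, whether support is built in, a module, or missing. The `TABLE_OPTS` list, the function names and the sample config are assumptions made for illustration; `/proc/config.gz` is the compressed config file exposed by kernels built with `CONFIG_IKCONFIG_PROC`.

```shell
#!/bin/sh
# Added example: which iptables/ip6tables table options does a kernel config enable?
# TABLE_OPTS is an assumption: one option per table (filter, nat, mangle, raw, security).
TABLE_OPTS="CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT CONFIG_IP_NF_MANGLE CONFIG_IP_NF_RAW CONFIG_IP_NF_SECURITY CONFIG_IP6_NF_FILTER CONFIG_IP6_NF_NAT CONFIG_IP6_NF_MANGLE CONFIG_IP6_NF_RAW CONFIG_IP6_NF_SECURITY"

# Print the running kernel's build config; fail if it is not exposed.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then          # exists only with CONFIG_IKCONFIG_PROC
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Read a kernel config on stdin; print "OPTION state" per table option, where
# state is y (built in, so never listed by lsmod), m (module) or missing.
table_states() {
    awk -v want="$TABLE_OPTS" '
        BEGIN { n = split(want, opts, " ") }
        /^CONFIG_[A-Za-z0-9_]+=[ym]$/ { split($0, kv, "="); state[kv[1]] = kv[2] }
        END { for (i = 1; i <= n; i++)
                  print opts[i], ((opts[i] in state) ? state[opts[i]] : "missing") }'
}

# Only the options that are neither built in nor modules.
missing_tables() { table_states | awk '$2 == "missing" { print $1 }'; }

# Constructed sample config: nat/mangle/raw present, security tables absent.
sample_config() {
    cat <<'EOF'
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_RAW=m
# CONFIG_IP_NF_SECURITY is not set
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_NAT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_RAW=m
EOF
}

if [ "${1:-}" = "--running" ]; then
    cfg=$(running_kernel_config) || { echo "kernel config not exposed" >&2; exit 1; }
    printf '%s\n' "$cfg" | table_states
else
    sample_config | table_states
fi
```

Run with `--running` to check the booted kernel; with no argument it reports on the constructed sample.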