On Mon, Sep 16, 2019 at 07:17:01PM +0000, jose.nunez-zuleta@barclays.com wrote:
Hello Eric,
I'm using a custom kernel. Do you know what modules should be available? I see the following with lsmod:
You'll want all the iptables modules. From the errors you gave below at least the one for the "security" table is missing, CONFIG_IP_NF_SECURITY. Don't forget about the ip6tables equivalent, CONFIG_IP6_NF_SECURITY.
There were fixes in v0.6.4 and v0.7.0 that avoid using iptables tables that aren't available. Not all of them are strictly necessary. Maybe you can try upgrading firewalld.
[root@X ~]# lsmod|egrep iptable
iptable_nat 16384 0
nf_nat_ipv4 16384 1 iptable_nat
iptable_mangle 16384 0
iptable_raw 16384 0
I checked 'https://www.linuxtopia.org/Linux_Firewall_iptables/x651.html' and at least for IP tables the following were required for the Kernel:
CONFIG_PACKET
CONFIG_NETFILTER
CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_FTP
CONFIG_IP_NF_IRC
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_NAT
CONFIG_IP_NF_MATCH_STATE
CONFIG_IP_NF_TARGET_LOG
CONFIG_IP_NF_MATCH_LIMIT
CONFIG_IP_NF_TARGET_MASQUERADE
But I cannot figure out where is the '.config' file that tells what options were used to compile this kernel.
Sometimes it's available via /proc/config. Otherwise it may be in /boot/config-*.
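
Added example, not part of the original thread: a POSIX sh script that locates the running kernel's config and reports whether the iptables options named in this thread are built in, modular, or unset. The function names, the `--run` switch and the option list are choices made for this example; `/proc/config.gz` is the path exposed by kernels built with CONFIG_IKCONFIG_PROC.

```shell
#!/bin/sh
# Added example: report kernel options as y (built in), m (module) or unset.

# Print the first readable kernel config among the usual locations.
# /proc/config.gz is present only on kernels built with CONFIG_IKCONFIG_PROC.
find_kconfig() {
    for f in /proc/config.gz /proc/config "/boot/config-$(uname -r)"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Emit a config file as text, decompressing *.gz.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# kconfig_state FILE OPTION: prints y, m or unset.
# "# CONFIG_FOO is not set" lines and absent options both count as unset.
kconfig_state() {
    val=$(read_kconfig "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${val:-unset}"
}

# check_kconfig FILE OPTION...: one line per option, returns 1 if any is unset.
check_kconfig() {
    file=$1; shift; rc=0
    for opt in "$@"; do
        state=$(kconfig_state "$file" "$opt")
        printf '%-26s %s\n' "$opt" "$state"
        if [ "$state" = unset ]; then rc=1; fi
    done
    return "$rc"
}

# Option names taken from the thread (assumed list; extend as needed).
THREAD_OPTS="CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_NAT
CONFIG_IP_NF_SECURITY CONFIG_IP6_NF_SECURITY"

# Run against the live system only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    cfg=$(find_kconfig) || { echo "no kernel config found" >&2; exit 2; }
    echo "using $cfg"
    # shellcheck disable=SC2086  # splitting the option list is intended
    check_kconfig "$cfg" $THREAD_OPTS
fi
```

An option reported as `m` still needs its module to be loadable on the running system, which is what the lsmod output above shows for the nat, mangle and raw tables.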