8000 Netfilter modules missing in version 18.09.05 · Issue #1389 · boot2docker/boot2docker · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
This repository was archived by the owner on Jan 1, 2021. It is now read-only.

Netfilter modules missing in version 18.09.05 #1389

Closed
borjator opened this issue Apr 25, 2019 · 4 comments
Closed

Netfilter modules missing in version 18.09.05 #1389

borjator opened this issue Apr 25, 2019 · 4 comments

Comments

@borjator
Copy link
8000
borjator commented Apr 25, 2019
edited
Loading

Hi,

I'm running boot2docker 18.09.5 and I have issues with the iptables-save and iptables-restore commands used by Rancher to set up port forwarding when deploying stacks:

iptables-restore v1.6.0: iptables-restore: unable to initialize table 'raw'
[...]
iptables-restore v1.6.0: Kernel module xt_set is not loaded in.

As in #1374 I miss a lot of iptables-related modules (for instance xt_set.ko):

# ls /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/
ipt_MASQUERADE.ko          nf_log_arp.ko
ipt_REJECT.ko              nf_log_ipv4.ko
iptable_filter.ko          nf_nat_ipv4.ko
iptable_nat.ko             nf_nat_masquerade_ipv4.ko

Am I missing something?
@borjator
Copy link
Author

I think the netfilter TCL extension is missing. I've tried to install it manually but the modules don't load and if I reboot the package is gone.

@tianon
Copy link
Contributor
tianon commented Apr 25, 2019

We don't use the kernel from Tiny Core Linux -- we build our own (especially since Docker is fairly dependent on kernel functionality).

The Netfilter bits we have currently come directly from Docker's requirements:

boot2docker/files/kernel-config.d/docker

Lines 53 to 56 in 02c9101

CONFIG_NETFILTER_ADVANCED=y
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_IPVS=m

If we ought to add more, there needs to be a reasonable case made for their usefulness and something like Debian's kernel configuration to give us a credible list of which ones are sane for us to do so with.

@borjator
Copy link
Author
borjator commented May 9, 2019

I have added a PR with the list of modules required by Rancher: #1391

@borjator borjator reopened this May 15, 2019
@borjator
Copy link
Author

Since the PR has been merged I'll close the issue.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tianon @borjator
0