I’ve got a Mythic Beasts Raspberry Pi with Debian (Raspbian variant) Buster and have noticed the sympl firewall cron/command is giving an error:
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
sympl-firewall: Firewall script failed.
sympl-firewall: Flushing /sbin/iptables rules and chains.
sympl-firewall: Flushing /sbin/ip6tables rules and chains.
sympl-firewall: Restoring old iptables rules and chains.
sympl-firewall: Restoring old ip6tables rules and chains.
sympl-firewall: Left firewall script in /tmp/user/0/sympl-firewall-20190812-12004-16igwm5-saved for inspection.
This looks like a bug triggered by changes to the iptables package in Buster, as they swapped to nftables, and should be reasonably easy to fix (at least in the short term).
Odd that it wasn’t noticed in testing, but I’ll get it fixed ASAP.
Hi @smsm1, I’ve just pushed a new version out on the testing branch.
If you aren’t already on it, swap to buster-testing in /etc/apt/sources.list.d/sympl_buster.list and run sympl update, and fingers crossed that should fix it for you.
I’ve upgraded to buster-testing, updated, dist-upgraded, and I’m now getting the following output:
sympl@vps2:/var/log$ sudo /usr/sbin/sympl-firewall
sympl-firewall: Firewall script failed.
sympl-firewall: Flushing /sbin/iptables rules and chains.
sympl-firewall: Flushing /sbin/ip6tables rules and chains.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
sympl-firewall: Restoring old iptables rules and chains.
sympl-firewall: Left firewall script in /tmp/user/0/sympl-firewall-20190816-23795-hydknl-saved for inspection.
Looking in the firewall script left behind I’m wondering if there’s an issue around the kernel due to:
sympl@vps2:/var/log$ /sbin/modprobe iptable_filter
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-v7+/modules.dep.bin'
modprobe: FATAL: Module iptable_filter not found in directory /lib/modules/4.19.57-v7+
sympl@vps2:/var/log$ /sbin/modprobe nf_conntrack
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.57-v7+/modules.dep.bin'
modprobe: FATAL: Module nf_conntrack not found in directory /lib/modules/4.19.57-v7+
The kernel version dir is empty, whilst others seem to contain data: