iptables-persistent fails to install if module iptable_filter is not available

Bug #1002078 reported by benparker on 2012-05-20
66
This bug affects 13 people
Affects Status Importance Assigned to Milestone
iptables-persistent (Debian)
Fix Released
Unknown
iptables-persistent (Ubuntu)
Undecided
Unassigned

Bug Description

In my case, I'm upgrading to Ubuntu 12.04 LTS from Ubuntu 11.10. The machine is hosted at Linode who compiles the netfilter modules into their kernels.

Error occurred during do-release-upgrade and here is the same error from apt-get install iptables-persistent:

Setting up iptables-persistent (0.5.3ubuntu2) ...
dpkg: error processing iptables-persistent (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 iptables-persistent
E: Sub-process /usr/bin/dpkg returned an error code (1)

I traced this to /var/lib/dpkg/info/iptables-persistent.postinst and the following modprobe:
modprobe -q iptable_filter

If iptable_filter is not available as a module, modprobe returns a non-zero exit status which halts execution of the postinst script.

From "man modprobe" in the -q section:
However, it will still return with a non-zero exit status. The kernel uses this to opportunistically probe for modules which might exist using request_module.

Changing the modprobe calls to trap the errors using " || true" worked for me:
modprobe -q iptable_filter || true

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in iptables-persistent (Ubuntu):
status: New → Confirmed
Andreas Rütten (aruetten) wrote :

We believe that the bug is fixed in Debian version 0.5.5

Changed in iptables-persistent (Debian):
status: New → Fix Committed
status: Fix Committed → Fix Released
Changed in iptables-persistent (Debian):
importance: Undecided → Unknown
status: Fix Released → Unknown
Andreas Rütten (aruetten) wrote :

The proposed fix of debbug #679840 removes all modprobe calls from the postinst so this would makes this bug obsolete.

Changed in iptables-persistent (Debian):
status: Unknown → New
Changed in iptables-persistent (Debian):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package iptables-persistent - 0.5.6ubuntu1

---------------
iptables-persistent (0.5.6ubuntu1) quantal; urgency=low

  * Sync on Debian (Fixes LP: #1002078)
  * fix LP: #1019857 - flushing nat table fails; Apply patch given in the bug
    by Andreas Rütten, thanks! (Closes: #683789)

iptables-persistent (0.5.6) unstable; urgency=low

  * [6b6358] Instead of checking on modules, test a working iptables more
    directly (Closes: #679840)
  * [1db63c] Remove dependency on kmod
 -- Micah Gersten <email address hidden> Thu, 23 Aug 2012 22:50:38 -0500

Changed in iptables-persistent (Ubuntu):
status: Confirmed → Fix Released
Bilge (corporate) wrote :

This bug affects me on 12.04 LTS. This bug leaves my package manager throwing errors every time I use apt-get because "1 not fully installed or removed." I don't want to remove it.

At first I received this error:
FATAL: Could not load /lib/modules/3.2.13-grsec-xxxx-grs-ipv6-64/modules.dep: No such file or directory

So I ran `sudo depmod -a 3.2.13-grsec-xxxx-grs-ipv6-64`

However, I still get errors:
dpkg: error processing iptables-persistent (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 iptables-persistent
E: Sub-process /usr/bin/dpkg returned an error code (1)

Is an SRU is appropriate?

Robert Pendell (shinji257) wrote :

Can we get 0.5.6 backported to 12.04.2 LTS?

Athir Nuaimi (athir-g) wrote :

I would also like to see this backported to 12.04 LTS

ouss (oussjarrouse) wrote :

I am having the same problem on 12.04 LTS. It would be really nice if it was back-ported.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.