iptables-persistent fails to install if module iptable_filter is not available
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | iptables-persistent (Debian) |
Fix Released
|
Unknown
|
||
| | iptables-persistent (Ubuntu) |
Undecided
|
Unassigned | ||
Bug Description
In my case, I'm upgrading to Ubuntu 12.04 LTS from Ubuntu 11.10. The machine is hosted at Linode who compiles the netfilter modules into their kernels.
Error occurred during do-release-upgrade and here is the same error from apt-get install iptables-
Setting up iptables-persistent (0.5.3ubuntu2) ...
dpkg: error processing iptables-persistent (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
iptables-
E: Sub-process /usr/bin/dpkg returned an error code (1)
I traced this to /var/lib/
modprobe -q iptable_filter
If iptable_filter is not available as a module, modprobe returns a non-zero exit status which halts execution of the postinst script.
From "man modprobe" in the -q section:
However, it will still return with a non-zero exit status. The kernel uses this to opportunistically probe for modules which might exist using request_module.
Changing the modprobe calls to trap the errors using " || true" worked for me:
modprobe -q iptable_filter || true
Related branches
| Launchpad Janitor (janitor) wrote : | #1 |
| Changed in iptables-persistent (Ubuntu): | |
| status: | New → Confirmed |
| Andreas Rütten (aruetten) wrote : | #2 |
We believe that the bug is fixed in Debian version 0.5.5
| Changed in iptables-persistent (Debian): | |
| status: | New → Fix Committed |
| status: | Fix Committed → Fix Released |
| Changed in iptables-persistent (Debian): | |
| importance: | Undecided → Unknown |
| status: | Fix Released → Unknown |
| Andreas Rütten (aruetten) wrote : | #3 |
The proposed fix of debbug #679840 removes all modprobe calls from the postinst so this would makes this bug obsolete.
| Changed in iptables-persistent (Debian): | |
| status: | Unknown → New |
| Changed in iptables-persistent (Debian): | |
| status: | New → Fix Released |
| Launchpad Janitor (janitor) wrote : | #4 |
This bug was fixed in the package iptables-persistent - 0.5.6ubuntu1
---------------
iptables-persistent (0.5.6ubuntu1) quantal; urgency=low
* Sync on Debian (Fixes LP: #1002078)
* fix LP: #1019857 - flushing nat table fails; Apply patch given in the bug
by Andreas Rütten, thanks! (Closes: #683789)
iptables-persistent (0.5.6) unstable; urgency=low
* [6b6358] Instead of checking on modules, test a working iptables more
directly (Closes: #679840)
* [1db63c] Remove dependency on kmod
-- Micah Gersten <email address hidden> Thu, 23 Aug 2012 22:50:38 -0500
| Changed in iptables-persistent (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Bilge (corporate) wrote : | #5 |
This bug affects me on 12.04 LTS. This bug leaves my package manager throwing errors every time I use apt-get because "1 not fully installed or removed." I don't want to remove it.
At first I received this error:
FATAL: Could not load /lib/modules/
So I ran `sudo depmod -a 3.2.13-
However, I still get errors:
dpkg: error processing iptables-persistent (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
iptables-
E: Sub-process /usr/bin/dpkg returned an error code (1)
Is an SRU is appropriate?
| Robert Pendell (shinji257) wrote : | #6 |
Can we get 0.5.6 backported to 12.04.2 LTS?
| Athir Nuaimi (athir-g) wrote : | #7 |
I would also like to see this backported to 12.04 LTS
| ouss (oussjarrouse) wrote : | #8 |
I am having the same problem on 12.04 LTS. It would be really nice if it was back-ported.
Status changed to 'Confirmed' because the bug affects multiple users.