Re: netfilter: Kconfig: IP6_NF_IPTABLES_LEGACY old =y behaviour question

Hello Florian,

On Thu, Aug 22, 2024 at 03:20:22PM +0200, Florian Westphal wrote:
> Breno Leitao <leitao@xxxxxxxxxx> wrote:
> > On Thu, Aug 22, 2024 at 01:23:39PM +0200, Florian Westphal wrote:

> > In certain environments, iptables needs to run, but there is *no*
> > permission to load modules.
> > 
> > For those cases, I have CONFIG_IP6_NF_IPTABLES configured as y in
> > previous kernels, and now it becomes a "m", which doesn't work because
> > iptables doesn't have permission to load modules, returning:
> > 
> > 	$ ip6tables -L
> > 	modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/....
> > 	ip6tables v1.8.10 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
> > 	Perhaps ip6tables or your kernel needs to be upgraded.
> 
> Hmm, but how can that work?  If you can't load modules, you can't load
> ip6t_filter either.

This happens inside a container that has no support for module loading, and
expects the tables to be =y.

> And if that's builtin, then IP6_NF_IPTABLES_LEGACY is supposed to become
> =y too.

Correct, both of them (IP6_NF_IPTABLES_LEGACY and IP_NF_IPTABLES_LEGACY)
were able to be user selectable, and they are not anymore, causing this
behaviour change.

Thanks for your support,
--breno



