Something seems broken with my iptables or I'm just a gigantic clown:
user@host:~ % sudo iptables -A CUSTOM-CHAIN -j REJECT i
iptables v1.8.5 (legacy): Couldn't load target `REJECT':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
What am I doing wrong?
Last edited by daba (2020-06-21 21:25:22)
Offline
Please post your iptables config file using
iptables -S
It could simply be that you've forgotten to create your "CUSTOM-CHAIN" before trying to populate it - have you done...
iptables -N CUSTOM-CHAIN
Last edited by paulkerry (2020-06-21 14:12:51)
Offline
Thank you for the response, Paul.
No, sadly that's not it. I have created the custom chain. If I replace REJECT with DROP in the exact same command it works just fine. Some other iptables extensions do not seem to be working correctly either, e.g. -m comment --comment "Some Comment". They will fail with a similar error message (complaining about their respective module obviously).
I checked /lib/xtables/ and the *.so files seem to all be present (e.g. /lib/xtables/libipt_REJECT.so and /lib/xtables/libxt_comment.so).
Any chance that iptables is looking in a different path or using a naming scheme for the modules and fails to find them here? Any way for me to check this?
Last edited by daba (2020-06-21 20:44:49)
Offline
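One way to check which paths iptables actually probes for an extension, as asked in the post above. This is an added example, not part of the original thread: it filters `strace` output for a given module name, and the trace lines and the /example/xtables directory in it are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): list every path probed for one xtables
# extension in strace output, together with the result of each attempt.
#
# Live use (needs root and strace; chain name taken from the thread):
#   strace -f -e trace=file iptables -A CUSTOM-CHAIN -j REJECT 2>&1 | probed_paths REJECT

# probed_paths NAME: reads strace output on stdin and prints "RESULT PATH" once
# per distinct (result, path) pair for files named lib<prefix>_NAME.so.
probed_paths() {
    awk -v name="$1" '
    {
        # Pull out a quoted path that ends in .so
        if (!match($0, /"[^"]*\.so"/)) next
        path = substr($0, RSTART + 1, RLENGTH - 2)

        # Reduce the file name to the bare extension name and compare.
        n = split(path, parts, "/")
        base = parts[n]
        if (base !~ /^lib[a-z0-9]+_/) next
        sub(/^lib[a-z0-9]+_/, "", base)
        sub(/\.so$/, "", base)
        if (base != name) next

        # Text after the final ") = " is the syscall result; skip lines without one.
        res = $0
        if (!sub(/^.*\) += +/, "", res)) next
        if (res ~ /^-1 /) { split(res, r, " "); status = r[2] } else status = "OK"

        key = status " " path
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample trace; the directory is a placeholder, not a real default.
sample_trace() {
    cat <<'EOF'
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
newfstatat(AT_FDCWD, "/example/xtables/libxt_REJECT.so", 0x7ffc0000, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/example/xtables/libipt_REJECT.so", 0x7ffc0000, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/example/xtables/libxt_comment.so", {st_mode=S_IFREG|0755, st_size=14000, ...}, 0) = 0
EOF
}

sample_trace | probed_paths REJECT
```

If every candidate comes back ENOENT, compare the directory being probed with where the .so files really are (/lib/xtables in this thread).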
I tried answering that question myself and tried reading up how dynamic libraries are loaded.
As far as I understand, stuff under /lib *should* be in the library search path by default. Some things I find noteworthy though:
RPATH of iptables doesn't seem to be set:
% objdump -x $(which iptables) | grep RPATH
%
LD_LIBRARY_PATH is empty
% echo $LD_LIBRARY_PATH
%
/etc/ld.so.conf.d/ is empty.
% ls /etc/ld.so.conf.d
%
/etc/ld.so.conf only pulls in /etc/ld.so.conf.d/* (which is empty)
% cat /etc/ld.so.conf
# Dynamic linker/loader configuration.
# See ld.so(8) and ldconfig(8) for details.
include /etc/ld.so.conf.d/*.conf
%
I'm not sure if either of these are expected, but adding /lib/xtables to LD_LIBRARY_PATH for the iptables invocation seems to be fixing the issue.
Offline
I added /lib/xtables to a file in /etc/ld.so.conf.d and now iptables continues to find all the modules after a reboot.
Offline
I added /lib/xtables to a file in /etc/ld.so.conf.d and now iptables continues to find all the modules after a reboot.
My concern is that you shouldn't have to do that.
If I were you, I'd verify the iptables package via the relevant pacman command and as you've not mentioned the kernel you are using, investigate that as well.
Offline