4

I was reading this: https://help.ubuntu.com/community/IptablesHowTo#Allowing_Established_Sessions

It says "If the line above doesn't work, you may be on a castrated VPS whose provider has not made available the extension".

So how do I tell if the extension is actually available and enabled? Just because an extension is listed in the iptables-extensions manpage doesn't mean it's actually available and enabled, does it?

Kal

1 Answer

3

One way is to look at the files available:

```sh
# See which kernel modules are available
ls /lib/modules/`uname -r`/kernel/net/netfilter/

# See which iptables extensions are available
ls /usr/lib/iptables/
```

The filenames have a prefix and suffix, but you can just ignore that when looking for a particular module.

Malvineous
  • I'm running Ubuntu 15.04 on a Linode instance. `uname -r` is "3.19.1-x86_64-linode53", and `/lib/modules/3.19.1-x86_64-linode53` is basically empty. There is, however, the `/lib/modules/3.19.0-15-generic/kernel/net/netfilter` directory, which has the kernel module files. Not sure how that works for me. – Kal Apr 26 '15 at 05:07
  • 1
    This works on any Linux machine. I have a Linode instance myself (running Debian) and I just checked and I don't have any modules there either. It looks like Linode just compile everything into the kernel. – Malvineous Apr 26 '15 at 05:10
  • 1
    Ok, so I'm able to tell what modules are compiled statically into Linode's custom kernel by doing this: http://superuser.com/a/577485/150532. This could be useful to other people. – Kal Apr 26 '15 at 07:57
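
An added example, not part of the answer or comments above: a shell check that combines the file listing from the answer with the built-in case raised in the comments. The function names, the `conntrack` sample name, the `NETFILTER_XT_MATCH_<NAME>` config symbol convention and the sample tree are assumptions made for illustration.

```sh
# Added example, not from the thread. Paths are arguments so the checks can run
# against the live system or against a constructed sample tree.
# kernel_match_status NAME MODROOT [CONFIG]  -> module | builtin | missing
#   NAME    match name without prefix/suffix (sample value used below: conntrack)
#   MODROOT e.g. /lib/modules/$(uname -r)
#   CONFIG  optional plain-text kernel config, e.g. /boot/config-$(uname -r)
kernel_match_status() {
    name=$1 modroot=$2 config=${3:-}
    # 1. Loadable module file: xt_NAME.ko, possibly compressed (.xz, .gz, .zst).
    for f in "$modroot"/kernel/net/netfilter/xt_"$name".ko*; do
        if [ -e "$f" ]; then echo module; return 0; fi
    done
    # 2. Listed in modules.builtin: compiled into the kernel image, no file.
    if [ -r "$modroot/modules.builtin" ] &&
       grep -q "/xt_$name\.ko\$" "$modroot/modules.builtin"; then
        echo builtin; return 0
    fi
    # 3. Fall back to the kernel config (=y built in, =m module). The symbol
    #    name is assumed to follow the usual NETFILTER_XT_MATCH_<NAME> pattern.
    if [ -n "$config" ] && [ -r "$config" ]; then
        sym=CONFIG_NETFILTER_XT_MATCH_$(echo "$name" | tr '[:lower:]' '[:upper:]')
        case $(grep "^$sym=" "$config") in
            *=y) echo builtin; return 0 ;;
            *=m) echo module;  return 0 ;;
        esac
    fi
    echo missing; return 1
}

# userspace_match_status NAME EXTDIR  -> present | missing
# Matches libxt_NAME.so, libipt_NAME.so and libip6t_NAME.so in EXTDIR.
userspace_match_status() {
    for f in "$2"/lib*t_"$1".so; do
        if [ -e "$f" ]; then echo present; return 0; fi
    done
    echo missing; return 1
}

# Constructed sample: a kernel with an empty module directory whose config
# builds the match in, plus one userspace extension file.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/mod/kernel/net/netfilter" "$t/ext"
    echo 'CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y' > "$t/config"
    : > "$t/ext/libxt_conntrack.so"
    echo "kernel=$(kernel_match_status conntrack "$t/mod" "$t/config")" \
         "userspace=$(userspace_match_status conntrack "$t/ext")"
    rm -rf "$t"
}
demo
```

On a live system, pass `/lib/modules/$(uname -r)` as MODROOT and `/usr/lib/iptables` as EXTDIR; the config file location varies, and some kernels expose it only as `/proc/config.gz`, which has to be decompressed to a plain file first.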