After upgrading to 10.04 LTS I cannot get my firewall to function properly. Whenever I attempt to configure and start it I get the following chain of errors:

Restarting Arno's Iptables Firewall... /sbin/modprobe ip_tables: Module not found! Assuming compiled-in-kernel!
 modprobe nf_conntrack WARNING: (1) Module(s) "nf_conntrack
ip_conntrack" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "nf_conntrack_ftp ip_conntrack_ftp" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_conntrack ipt_conntrack" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_limit ipt_limit" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_state ipt_state" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_multiport ipt_multiport" failed to load. Assuming compiled-in-kernel!
 /sbin/modprobe iptable_filter: Module not found! Assuming compiled-in-kernel!
 /sbin/modprobe iptable_mangle: Module not found! Assuming compiled-in-kernel!
 /sbin/modprobe ipt_REJECT: Module not found! Assuming compiled-in-kernel!
 /sbin/modprobe ipt_LOG: Module not found! Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_TCPMSS ipt_TCPMSS" failed to load. Assuming compiled-in-kernel!
 WARNING: (1) Module(s) "xt_DSCP ipt_DSCP ipt_TOS" failed to load. Assuming compiled-in-kernel!
  /sbin/iptables: (1) iptables: No chain/target/match by that name.
[REPEATS SEVERAL TIMES]
Jun 28 13:17:19 WARNING: Not all firewall rules are applied.
FAILED!
invoke-rc.d: initscript arno-iptables-firewall, action "restart" failed.
dpkg: error processing arno-iptables-firewall (--configure):
 subprocess installed post-installation script returned error exit status 1

I tried completely removing and reinstalling arno, but with no effect. I have a very simple configuration, done entirely through debconf.

Any help would be greatly appreciated!

When a linux kernel is compiled, you have the option of having functionality like iptables compiled in, or added later as a module.

The warnings are probably a red herring. iptables is so basic that it is usually compiled into the kernel rather than added as a module.

You can preform a sanity check by looking for the iptables modules and making sure they aren't there

lsmod | grep ipt

The command should return nothing.

Then make sure it is in the kernel by running sample iptables commands. For example:

iptables -L

Once you're certain iptables is working, then the problem lies in arno's iptables rules. Possibly their syntax has changed and they've renamed chains or targets. This is the error that is probably causing you problems:

/sbin/iptables: (1) iptables: No chain/target/match by that name.
[REPEATS SEVERAL TIMES]
Jun 28 13:17:19 WARNING: Not all firewall rules are applied.
FAILED!

You have a misnamed chain or target. I've never used arno, but if you rebuild your firewall with dpkg-reconfigure it should get built with the correct names.

the chain/target/match names are like variable names - they can be arbitrarily defined from one configuration to another. You can check the difference between configurations by using

iptables -L

and

iptables-save

Thanks for the great reply. My sanity checks all turned out fine. It seems like it's a problem with arno, but who knows. My needs are pretty basic, so I tried out UFW and it is working without problems.

Hi, I'm having the same problem. I think I'm going to do what you did and try UFW instead. Could someone please tell me how I go about uninstalling arnos-iptables so I can start fresh with UFW?

I'm a super newbie, so please be gentle!

$ sudo apt-get purge arno-iptables-firewall
$ sudo apt-get install ufw

Intro on using ufw at https://help.ubuntu.com/10.04/servergui ... ewall.html

Thanks Much appreciated. I did know that was the command for removing a package but I wasn't sure if it was that simple or if there was something more I needed to do, so that's great!