I can’t get the ip_tables kernel module to work within my container. I need it for ufw.
Setting incus config set test-1 linux.kernel_modules ip_tables makes no difference (after having it rebooted).
incus config show --expanded test-1:
architecture: x86_64
config:
  boot.autostart: "true"
  image.architecture: amd64
  image.description: Fedora 40 amd64 (20250303_20:33)
  image.os: Fedora
  image.release: "40"
  image.serial: "20250303_20:33"
  image.type: squashfs
  image.variant: default
  linux.kernel_modules: ip_tables
  security.privileged: "true"
  volatile.base_image: 757496284d5205fd3d470de4be533fd968e23f84c9c390e66e9db12c287a6c3b
  volatile.cloud-init.instance-id: b554e4f6-95c9-4a3b-b592-c5e6c1b926c3
  volatile.eth0.host_name: vetha3b4f20c
  volatile.eth0.hwaddr: 00:16:3e:77:bd:54
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
  volatile.last_state.ready: "false"
  volatile.uuid: 82494bdd-3bf8-4217-9f36-eca54260ae3a
  volatile.uuid.generation: 82494bdd-3bf8-4217-9f36-eca54260ae3a
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
incus exec test-1 -- modprobe ip_tables:
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.12.9-100.fc40.x86_64
incus_exec test-1 cat /proc/modules | grep ip_:
ip_tables 28672 0 - Live 0x0000000000000000
/lib/modules is empty in the container.
On the host, modinfo ip_tables:
filename: /lib/modules/6.12.9-100.fc40.x86_64/kernel/net/ipv4/netfilter/ip_tables.ko.xz
description: IPv4 packet filter
author: Netfilter Core Team <coreteam@netfilter.org>
license: GPL
depends:
intree: Y
name: ip_tables
retpoline: Y
vermagic: 6.12.9-100.fc40.x86_64 SMP preempt mod_unload
sig_id: PKCS#7
signer: Fedora kernel signing key
sig_key: 4C:B4:D4:BE:CE:75:80:72:76:1D:8F:CE:51:3B:86:EB:26:66:2C:EC
sig_hashalgo: sha256
These didn’t help:
It’s privileged btw because I want access to tun interfaces (I might make it unprivileged once I figure out how to do it without).