# IPtables [NEED HELP]

## sleepingsun

After I upgraded to kernel 4.14.78-gentoo:

```
 /etc/init.d/iptables restart
 * Loading iptables state and starting firewall ...
iptables-restore v1.6.1: iptables-restore: unable to initialize table 'security'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more informati [ !! ]
 * ERROR: iptables failed to start
```

How do I fix this, please? I recompiled the kernel a few times. Please help.

[Moderator edit: changed [quote] tags to [code] tags to preserve output layout. -Hu]

----------

## bunder

Can we see iptables -L or iptables-save?

edit: I'm a doofus, we need the rules it's trying to load

----------

## sleepingsun

 *Quote:*   

> iptables -L

 

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

iptables-save

```
# Generated by iptables-save v1.6.1 on Wed Nov 14 20:50:18 2018
*raw
:PREROUTING ACCEPT [4411:604302]
:OUTPUT ACCEPT [5244:816375]
COMMIT
# Completed on Wed Nov 14 20:50:18 2018
# Generated by iptables-save v1.6.1 on Wed Nov 14 20:50:18 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Wed Nov 14 20:50:18 2018
# Generated by iptables-save v1.6.1 on Wed Nov 14 20:50:18 2018
*mangle
:PREROUTING ACCEPT [4412:604342]
:INPUT ACCEPT [3920:432182]
:FORWARD ACCEPT [460:170116]
:OUTPUT ACCEPT [5254:817655]
:POSTROUTING ACCEPT [5789:997545]
COMMIT
# Completed on Wed Nov 14 20:50:18 2018
# Generated by iptables-save v1.6.1 on Wed Nov 14 20:50:18 2018
*filter
:INPUT ACCEPT [3920:432182]
:FORWARD ACCEPT [460:170116]
:OUTPUT ACCEPT [5254:817655]
COMMIT
# Completed on Wed Nov 14 20:50:18 2018
```

I can't find this in kernel IP_NF_SECURITY, maybe it's the problem to start iptables

----------

## Hu

 *sleepingsun wrote:*   

> I can't find this in kernel IP_NF_SECURITY, maybe it's the problem to start iptables

 

```
config IP_NF_SECURITY
    tristate "Security table"
    depends on SECURITY
    depends on NETFILTER_ADVANCED
    help
```

You may have disabled one of the supporting symbols, which would cause IP_NF_SECURITY to be hidden.  Before enabling it, check whether you actually use the security table.  I think you could get this error if your saved rules mention the table, even if no records are added to it.

----------

## sleepingsun

I just use iptables for DHCP and NAT, and when I go to

/usr/src/linux/

make menuconfig

where do I go to enable this config IP_NF_SECURITY? I spent the whole night trying to enable this and nothing.

----------

## Hu

Please post your saved iptables rules.  I suspect the proper fix is to edit the saved rules to remove unnecessary use of the security table.  Showing your rules would let me confirm that.

----------

## sleepingsun

I just went back to the old kernel 4.14.65 and everything works fine ... I use iptables for NAT and DHCP to get IP addresses and internet on the second network too, and that security table needs to be there ... I will just take this weekend to look at the kernel in this compile; maybe I missed something on the new one, but I think that something changed in this new one ... and I will see what I missed.

----------

## papas

Hello, I think it is under:

```
Networking support > Networking options > Network packet filtering framework (Netfilter) > IP: Netfilter Configuration
```

and check the

```
<M>   Security table
```

----------

## Hu

Most users do not need the security table.  As I said above, please post the failed rules, so that we can determine whether you should change the rules or should enable support for the security table.  If you need the table, then you can use menuconfig's search to take you to it and, if it is not accessible due to missing prerequisites, you can use search to jump to those first.  I listed the prerequisites in my response before the prior one.

----------

## sleepingsun

 *Quote:*   

> # Generated by iptables-save v1.6.1 on Sat Apr 28 22:00:52 2018
> 
> *security
> 
> :INPUT ACCEPT [160646828:267341418532]
> ...

 

----------

## Hu

As I suspected, you are not using the security table.  It has no rules, and its counters are unlikely to be useful.  You should edit the iptables-save output to remove the security table.  Delete lines 2-6, inclusive, then the resulting file should be usable without a kernel configuration change.

----------
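The fix Hu describes above (removing the unused security table from the saved rules), as an added example that is not part of the original thread: a shell function that drops one table's section from iptables-save text, but only when that section holds no rules. The sample rules, their counters, the interface name `eth0` and the function name `strip_empty_table` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables-save output: an empty security table
# followed by a nat table that carries one real rule.
SAMPLE_RULES='# Generated by iptables-save (constructed sample)
*security
:INPUT ACCEPT [10:840]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12:900]
COMMIT
# Completed (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed (constructed sample)'

# strip_empty_table TABLE  (hypothetical helper, reads stdin, writes stdout)
# Removes the "*TABLE" ... "COMMIT" section if it contains no rule lines.
# Exit status 3 means the table has rules and was kept untouched.
strip_empty_table() {
    awk -v tbl="$1" '
        # A line starting with "*" opens a table section: start buffering.
        /^\*/ { in_tbl = 1; name = substr($0, 2); has_rule = 0; buf = "" }
        in_tbl {
            buf = buf $0 "\n"
            # Header, chain declarations (":"), comments and COMMIT are
            # not rules; any other non-empty line (-A, -I, ...) is.
            if ($0 != "" && $0 !~ /^(\*|:|#|COMMIT$)/) has_rule = 1
            if ($0 == "COMMIT") {
                if (name != tbl || has_rule) printf "%s", buf
                if (name == tbl && has_rule) kept = 1
                in_tbl = 0
            }
            next
        }
        { print }    # comment lines between tables pass through
        END {
            if (in_tbl) printf "%s", buf   # unterminated section: keep it
            exit (kept ? 3 : 0)
        }
    '
}

# Demo: the security section disappears, nat and its rule remain.
printf '%s\n' "$SAMPLE_RULES" | strip_empty_table security
```

Comment lines are left in place because iptables-restore ignores them. A status of 3 is the case where the rules really use the table, so the kernel option would be needed instead of an edit.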

