[SOLVED] IPTABLES rules failed

Message

smokyrun · Post by **smokyrun** » Wed Mar 04, 2026 4:55 am

Hello All,

Last week I upgrade my kernel from the release 6.12.58 to 6.18.12 when I try to apply all my iptables rules I get error messages.
Below information about my configuration :

Code: Select all

root@himalaya ~ # eselect iptables list
Available iptables symlink targets:
  [1]   xtables-legacy-multi
  [2]   xtables-nft-multi *

The 2 USE flags for iptables ebuild

Code: Select all

root@himalaya ~ # cat /etc/portage/package.use/iptables 
net-firewall/iptables nftables conntrack

An extract of my iptables rules :

r

Code: Select all

oot@himalaya ~ # more firerules.29102025 
# Generated by iptables-save v1.8.11 on Wed Oct 29 09:53:44 2025
*nat
:PREROUTING ACCEPT [9:880]
:INPUT ACCEPT [9:880]
:OUTPUT ACCEPT [40:2803]
:POSTROUTING ACCEPT [40:2803]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT

Below error message when I try to restore them :

Code: Select all

root@himalaya ~ # iptables-restore < firerules.29102025 
Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables-restore v1.8.11 (nf_tables): 
line 3: TABLE_ADD failed (Operation not supported): table nat
line 3: CHAIN_ADD failed (No such file or directory): chain PREROUTING
line 3: CHAIN_UPDATE failed (No such file or directory): chain PREROUTING
line 4: TABLE_ADD failed (Operation not supported): table nat
line 4: CHAIN_ADD failed (No such file or directory): chain INPUT
line 4: CHAIN_UPDATE failed (No such file or directory): chain INPUT
line 5: TABLE_ADD failed (Operation not supported): table nat
line 5: CHAIN_ADD failed (No such file or directory): chain OUTPUT
line 5: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT
line 6: TABLE_ADD failed (Operation not supported): table nat
line 6: CHAIN_ADD failed (No such file or directory): chain POSTROUTING
line 6: CHAIN_UPDATE failed (No such file or directory): chain POSTROUTING
line 7: TABLE_ADD failed (Operation not supported): table nat
line 7: CHAIN_USER_ADD failed (No such file or directory): chain LIBVIRT_PRT
line 8: TABLE_ADD failed (Operation not supported): table nat

I know there are some news in the new kernel configuration.

Thank you in advance for your help.

Kind regards,

smokyrun

Post by **Banana** » Wed Mar 04, 2026 6:57 am

Maybe this topic here can help

smokyrun · Post by **smokyrun** » Wed Mar 04, 2026 9:34 am

Thank you so much for your reply Banana, I'm going to look that.

smokyrun · Post by **smokyrun** » Fri Mar 06, 2026 11:16 am

Hello All,

I succeeded to fix my iptables problem, on the new kernel config I activated this module

Code: Select all

CONFIG_NETFILTER_XTABLES_LEGACY

, this parameter is a new functionality in the kernel 6.18.xx for the legacy part and activated all netfilter module as in the ancient release of kernel.

Have a nice day.

Kind regards,

smokyrun

Post by **NeddySeagoon** » Fri Mar 06, 2026 12:41 pm

smokyrun,

That CONFIG_NETFILTER_XTABLES_LEGACY option is the first step in removing iptables from the kernel.

You have plenty oy time to migrate to netfilter, if you start planning now.

smokyrun · Post by **smokyrun** » Sat Mar 07, 2026 6:00 pm

Thank you so much NeddySeagoon for your adivices and these information.

smokyrun