Module ip_tables not found after upgrade

Question

Since I upgraded recently my Ubuntu server from 20.04 to 22.04 I have an issue with Docker. Docker will not start any more after reboot, because of the ip_tables module.

After every reboot of Ubuntu the ip_tables module is not available, lsmod | grep ip returns only:

multipath              20480  0

And

$ sudo iptables -L
iptables/1.8.7 Failed to initialize nft: Protocol not supported

After reinstalling the Linux kernel modules and activating ip_tables it works for the current boot. With the next reboot, the module will be unavailable again, and it has to be reinstalled and activated again to work for the current boot:

$ sudo apt reinstall linux-modules-$(uname -r)
[...]
Setting up linux-modules-5.15.0-41-generic (5.15.0-41.44) ...
Processing triggers for linux-image-5.15.0-41-generic (5.15.0-41.44) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.15.0-41-generic
/etc/kernel/postinst.d/zz-update-grub:
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.15.0-41-generic
Found initrd image: /boot/initrd.img-5.15.0-41-generic
Found linux image: /boot/vmlinuz-5.15.0-40-generic
Found initrd image: /boot/initrd.img-5.15.0-40-generic
Found linux image: /boot/vmlinuz-5.4.0-122-generic
Found initrd image: /boot/initrd.img-5.4.0-122-generic
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
Scanning processes...
Scanning processor microcode...
Scanning linux images...

Running kernel seems to be up-to-date.

The processor microcode seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.
$ sudo modprobe ip_tables

After that, the ip_tables module can be found again with lsmod

$ lsmod | grep ip
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
ip_tables              32768  0
x_tables               53248  7 xt_conntrack,nft_compat,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,xt_MASQUERADE
multipath              20480  0

And sudo iptables -L returns the IP-Table like expected (Docker works also again)…

Setting the update alternative for iptables to legacy, will just result in a different error:

$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo iptables -L
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/5.15.0-41-generic
iptables v1.8.7 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Does anyone have an idea what has been gone wrong, that I do need to reinstall the kernel modules after every reboot?

Ion Iturbe · Accepted Answer · 2022-09-28T10:00:11.987

0

I was having the same problem.

Following this post solved the issue.

To know which kernel versions where available, I used.

dpkg --list | grep linux-image

edited Sep 28 '22 at 10:00

answered Sep 28 '22 at 08:51

Ion Iturbe

16
1
2

score 0 · Answer 2 · answered Jan 31 '23 at 19:18

I managed to fix it by:

apt-get install -y --reinstall linux-image-$(uname -r)-generic linux-image-$(uname -r)-generic

For some reason ip_tables.ko had disappeared from /lib/modules but by reinstalling kernel and modules brought them back. After this running:

modprobe ip_tables

worked ok.

Module ip_tables not found after upgrade

2 Answers2