Installing Shorewall on a virtual server: ERROR: Your kernel/iptables do not include state match support

Question

I just got a virtual server (I think virtuozzo) with root access. I wanted to install shorewall but when I want to start it I get the error message

# shorewall start
Compiling...
Processing /etc/shorewall/shorewall.conf...
ERROR: Your kernel/iptables do not include state match support. No version of Shorewall will run on this system

So now I'm wondering what can I do? The system ist ubuntu 11.10.

score 8 · Answer 1 · answered Mar 12 '12 at 21:34

Virtuozzo is an interesting type of virtualisation. It's actually a "jail" - in the FreeBSD sense, rather than a hypervisor type Virtual Machine, like KVM. As a result, you need to tune the options of the Virtual Machine Host, to allow certain kernel functions to be passed through.

I believe that Virtuozzo is effectively OpenVZ (or similar enough) underneath, so you'll need to edit /etc/vz/vz.conf and add "ipt_state" to the IPTABLES variable, then restart the VM. (source)

Of course, you might not be able to do this, if you don't have control over the VM Host.

score 1 · Accepted Answer · answered Mar 12 '12 at 21:35

1

I'm thinking you are on openVZ and they haven't configured the server correctly.

answered Mar 12 '12 at 21:35

Lucas Kauffman

16,990

Installing Shorewall on a virtual server: ERROR: Your kernel/iptables do not include state match support

2 Answers2