IPTable iptable_filter 模块未加载。
操作系统:Ubuntu 18.04 发布:5.4.0-1097-aws
一切都是从官方 apt repos 安装的,不是本地编译的。
我试过重装内核:
sudo apt install linux-generic -y
sudo apt install --reinstall linux-image-$(uname -r) -y;
sudo apt install --reinstall linux-modules-$(uname -r) -y;
sudo apt install --reinstall linux-modules-extra-$(uname -r) -y;
我试过“sudo depmod -a”。
我试过“sudo modprobe -vvv iptable_filter”:
modprobe: INFO: ../libkmod/libkmod.c:364 kmod_set_log_fn() custom logging function 0x55920115c750 registered
modprobe: DEBUG: ../libkmod/libkmod-index.c:755 index_mm_open() file=/lib/modules/5.4.0-1097-aws/modules.dep.bin
modprobe: DEBUG: ../libkmod/libkmod-index.c:755 index_mm_open() file=/lib/modules/5.4.0-1097-aws/modules.alias.bin
modprobe: DEBUG: ../libkmod/libkmod-index.c:755 index_mm_open() file=/lib/modules/5.4.0-1097-aws/modules.symbols.bin
modprobe: DEBUG: ../libkmod/libkmod-index.c:755 index_mm_open() file=/lib/modules/5.4.0-1097-aws/modules.builtin.bin
modprobe: DEBUG: ../libkmod/libkmod-module.c:556 kmod_module_new_from_lookup() input alias=iptable_filter, normalized=iptable_filter
modprobe: DEBUG: ../libkmod/libkmod-module.c:562 kmod_module_new_from_lookup() lookup modules.dep iptable_filter
modprobe: DEBUG: ../libkmod/libkmod.c:574 kmod_search_moddep() use mmaped index 'modules.dep' modname=iptable_filter
modprobe: DEBUG: ../libkmod/libkmod.c:402 kmod_pool_get_module() get module name='iptable_filter' found=(nil)
modprobe: DEBUG: ../libkmod/libkmod.c:410 kmod_pool_add_module() add 0x559201f40c60 key='iptable_filter'
modprobe: DEBUG: ../libkmod/libkmod.c:402 kmod_pool_get_module() get module name='ip_tables' found=(nil)
modprobe: DEBUG: ../libkmod/libkmod.c:402 kmod_pool_get_module() get module name='ip_tables' found=(nil)
modprobe: DEBUG: ../libkmod/libkmod.c:410 kmod_pool_add_module() add 0x559201f40e30 key='ip_tables'
modprobe: DEBUG: ../libkmod/libkmod-module.c:196 kmod_module_parse_depline() add dep: /lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/ip_tables.ko
modprobe: DEBUG: ../libkmod/libkmod.c:402 kmod_pool_get_module() get module name='x_tables' found=(nil)
modprobe: DEBUG: ../libkmod/libkmod.c:402 kmod_pool_get_module() get module name='x_tables' found=(nil)
modprobe: DEBUG: ../libkmod/libkmod.c:410 kmod_pool_add_module() add 0x559201f40fb0 key='x_tables'
modprobe: DEBUG: ../libkmod/libkmod-module.c:196 kmod_module_parse_depline() add dep: /lib/modules/5.4.0-1097-aws/kernel/net/netfilter/x_tables.ko
modprobe: DEBUG: ../libkmod/libkmod-module.c:202 kmod_module_parse_depline() 2 dependencies for iptable_filter
modprobe: DEBUG: ../libkmod/libkmod-module.c:583 kmod_module_new_from_lookup() lookup iptable_filter=0, list=0x559201f40d70
modprobe: DEBUG: ../libkmod/libkmod.c:501 lookup_builtin_file() use mmaped index 'modules.builtin' modname=iptable_filter
modprobe: DEBUG: ../libkmod/libkmod-module.c:1750 kmod_module_get_initstate() could not open '/sys/module/iptable_filter/initstate': No such file or directory
modprobe: DEBUG: ../libkmod/libkmod-module.c:1760 kmod_module_get_initstate() could not open '/sys/module/iptable_filter': No such file or directory
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_pcsp mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_usb_audio mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=cx88_alsa mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_atiixp_modem mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_intel8x0m mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_via82xx_modem mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=md_mod mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=bonding mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=dummy mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=vmwgfx mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=nvme mod->name=x_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod.c:501 lookup_builtin_file() use mmaped index 'modules.builtin' modname=x_tables
modprobe: DEBUG: ../libkmod/libkmod-module.c:1306 kmod_module_probe_insert_module() Ignoring module 'x_tables': already loaded
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_pcsp mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_usb_audio mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=cx88_alsa mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_atiixp_modem mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_intel8x0m mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=snd_via82xx_modem mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=md_mod mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=bonding mod->name=ip_tables mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=dummy mod->name=iptable_filter mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=vmwgfx mod->name=iptable_filter mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1393 kmod_module_get_options() modname=nvme mod->name=iptable_filter mod->alias=(null)
modprobe: DEBUG: ../libkmod/libkmod-module.c:1750 kmod_module_get_initstate() could not open '/sys/module/iptable_filter/initstate': No such file or directory
modprobe: DEBUG: ../libkmod/libkmod-module.c:1760 kmod_module_get_initstate() could not open '/sys/module/iptable_filter': No such file or directory
modprobe: DEBUG: ../libkmod/libkmod-module.c:744 kmod_module_get_path() name='iptable_filter' path='/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko'
modprobe: DEBUG: ../libkmod/libkmod-module.c:744 kmod_module_get_path() name='iptable_filter' path='/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko'
insmod /lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko
modprobe: DEBUG: ../libkmod/libkmod-module.c:744 kmod_module_get_path() name='iptable_filter' path='/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko'
modprobe: INFO: ../libkmod/libkmod-module.c:886 kmod_module_insert_module() Failed to insert module '/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko': Operation not permitted
modprobe: ERROR: could not insert 'iptable_filter': Operation not permitted
modprobe: DEBUG: ../libkmod/libkmod-module.c:468 kmod_module_unref() kmod_module 0x559201f40c60 released
modprobe: DEBUG: ../libkmod/libkmod.c:418 kmod_pool_del_module() del 0x559201f40c60 key='iptable_filter'
modprobe: DEBUG: ../libkmod/libkmod-module.c:468 kmod_module_unref() kmod_module 0x559201f40fb0 released
modprobe: DEBUG: ../libkmod/libkmod.c:418 kmod_pool_del_module() del 0x559201f40fb0 key='x_tables'
modprobe: DEBUG: ../libkmod/libkmod-module.c:468 kmod_module_unref() kmod_module 0x559201f40e30 released
modprobe: DEBUG: ../libkmod/libkmod.c:418 kmod_pool_del_module() del 0x559201f40e30 key='ip_tables'
modprobe: INFO: ../libkmod/libkmod.c:331 kmod_unref() context 0x559201f40450 released
如果我跟踪 modprobe,“strace -o /tmp/strace.out modprobe iptable_filter”,我得到:
execve("/sbin/modprobe", ["modprobe", "iptable_filter"], 0x7fff1ca6a2e8 /* 15 vars */) = 0
brk(NULL) = 0x5640a3991000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=65776, ...}) = 0
mmap(NULL, 65776, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b723d2000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\35\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2030928, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9b723d0000
mmap(NULL, 4131552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9b71dc9000
mprotect(0x7f9b71fb0000, 2097152, PROT_NONE) = 0
mmap(0x7f9b721b0000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f9b721b0000
mmap(0x7f9b721b6000, 15072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9b721b6000
close(3) = 0
arch_prctl(ARCH_SET_FS, 0x7f9b723d1540) = 0
mprotect(0x7f9b721b0000, 16384, PROT_READ) = 0
mprotect(0x5640a2d6a000, 8192, PROT_READ) = 0
mprotect(0x7f9b723e3000, 4096, PROT_READ) = 0
munmap(0x7f9b723d2000, 65776) = 0
brk(NULL) = 0x5640a3991000
brk(0x5640a39b2000) = 0x5640a39b2000
uname({sysname="Linux", nodename="aws-oregon-user-dev-aharrison-node-1", ...}) = 0
stat("/etc/modprobe.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/etc/modprobe.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getdents(3, /* 14 entries */, 32768) = 592
newfstatat(3, "blacklist-watchdog.conf", {st_mode=S_IFREG|0644, st_size=1077, ...}, 0) = 0
newfstatat(3, "blacklist-xen-fbfront.conf", {st_mode=S_IFREG|0644, st_size=236, ...}, 0) = 0
newfstatat(3, "blacklist-ath_pci.conf", {st_mode=S_IFREG|0644, st_size=325, ...}, 0) = 0
newfstatat(3, "iwlwifi.conf", {st_mode=S_IFREG|0644, st_size=347, ...}, 0) = 0
newfstatat(3, "vmwgfx-fbdev.conf", {st_mode=S_IFREG|0644, st_size=30, ...}, 0) = 0
newfstatat(3, "intel-microcode-blacklist.conf", {st_mode=S_IFREG|0644, st_size=154, ...}, 0) = 0
newfstatat(3, "mdadm.conf", {st_mode=S_IFREG|0644, st_size=379, ...}, 0) = 0
newfstatat(3, "blacklist.conf", {st_mode=S_IFREG|0644, st_size=1667, ...}, 0) = 0
newfstatat(3, "blacklist-firewire.conf", {st_mode=S_IFREG|0644, st_size=210, ...}, 0) = 0
newfstatat(3, "blacklist-rare-network.conf", {st_mode=S_IFREG|0644, st_size=583, ...}, 0) = 0
newfstatat(3, "amd64-microcode-blacklist.conf", {st_mode=S_IFREG|0644, st_size=154, ...}, 0) = 0
newfstatat(3, "blacklist-framebuffer.conf", {st_mode=S_IFREG|0644, st_size=677, ...}, 0) = 0
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
stat("/run/modprobe.d", 0x7fff9102e5c0) = -1 ENOENT (No such file or directory)
stat("/lib/modprobe.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
openat(AT_FDCWD, "/lib/modprobe.d", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
getdents(3, /* 8 entries */, 32768) = 344
newfstatat(3, "blacklist_linux_4.15.0-206-generic.conf", {st_mode=S_IFREG|0644, st_size=1462, ...}, 0) = 0
newfstatat(3, "systemd.conf", {st_mode=S_IFREG|0644, st_size=765, ...}, 0) = 0
newfstatat(3, "blacklist_linux-aws-5.4_5.4.0-1096-aws.conf", {st_mode=S_IFREG|0644, st_size=1468, ...}, 0) = 0
newfstatat(3, "fbdev-blacklist.conf", {st_mode=S_IFREG|0644, st_size=390, ...}, 0) = 0
newfstatat(3, "blacklist_linux-aws-5.4_5.4.0-1097-aws.conf", {st_mode=S_IFREG|0644, st_size=1468, ...}, 0) = 0
newfstatat(3, "aliases.conf", {st_mode=S_IFREG|0644, st_size=655, ...}, 0) = 0
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/aliases.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=655, ...}) = 0
read(3, "# These are the standard aliases"..., 4096) = 655
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/amd64-microcode-blacklist.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
read(3, "# The microcode module attempts "..., 4096) = 154
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-ath_pci.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=325, ...}) = 0
read(3, "# For some Atheros 5K RF MACs, t"..., 4096) = 325
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-firewire.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=210, ...}) = 0
read(3, "# Select the legacy firewire sta"..., 4096) = 210
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-framebuffer.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=677, ...}) = 0
read(3, "# Framebuffer drivers are genera"..., 4096) = 677
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-rare-network.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=583, ...}) = 0
read(3, "# Many less commonly used networ"..., 4096) = 583
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-watchdog.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=1077, ...}) = 0
read(3, "# Watchdog drivers should not be"..., 4096) = 1077
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist-xen-fbfront.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=236, ...}) = 0
read(3, "# CLOUD_IMG: This file was creat"..., 4096) = 236
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/blacklist.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=1667, ...}) = 0
read(3, "# This file lists those modules "..., 4096) = 1667
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/blacklist_linux-aws-5.4_5.4.0-1096-aws.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=1468, ...}) = 0
read(3, "# Kernel supplied blacklist for "..., 4096) = 1468
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/blacklist_linux-aws-5.4_5.4.0-1097-aws.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=1468, ...}) = 0
read(3, "# Kernel supplied blacklist for "..., 4096) = 1468
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/blacklist_linux_4.15.0-206-generic.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=1462, ...}) = 0
read(3, "# Kernel supplied blacklist for "..., 4096) = 1462
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/fbdev-blacklist.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=390, ...}) = 0
read(3, "# This file blacklists most old-"..., 4096) = 390
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/intel-microcode-blacklist.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=154, ...}) = 0
read(3, "# The microcode module attempts "..., 4096) = 154
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/iwlwifi.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=347, ...}) = 0
read(3, "# /etc/modprobe.d/iwlwifi.conf\n#"..., 4096) = 347
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/mdadm.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=379, ...}) = 0
read(3, "# mdadm module configuration fil"..., 4096) = 379
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/modules.softdep", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=546, ...}) = 0
read(3, "# Soft dependencies extracted fr"..., 4096) = 546
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modprobe.d/systemd.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=765, ...}) = 0
read(3, "# SPDX-License-Identifier: LGPL"..., 4096) = 765
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/modprobe.d/vmwgfx-fbdev.conf", O_RDONLY|O_CLOEXEC) = 3
fcntl(3, F_GETFL) = 0x8000 (flags O_RDONLY|O_LARGEFILE)
fstat(3, {st_mode=S_IFREG|0644, st_size=30, ...}) = 0
read(3, "options vmwgfx enable_fbdev=1\n", 4096) = 30
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/proc/cmdline", O_RDONLY|O_CLOEXEC) = 3
read(3, "BOOT_IMAGE=/boot/vmlinuz-5.4.0-1"..., 4095) = 144
read(3, "", 3951) = 0
close(3) = 0
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/modules.dep.bin", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=119675, ...}) = 0
mmap(NULL, 119675, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b723b2000
close(3) = 0
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/modules.alias.bin", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=151195, ...}) = 0
mmap(NULL, 151195, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b7238d000
close(3) = 0
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/modules.symbols.bin", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=306863, ...}) = 0
mmap(NULL, 306863, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b72342000
close(3) = 0
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/modules.builtin.bin", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=8964, ...}) = 0
mmap(NULL, 8964, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b723e0000
close(3) = 0
stat("/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/ip_tables.ko", {st_mode=S_IFREG|0644, st_size=40865, ...}) = 0
stat("/lib/modules/5.4.0-1097-aws/kernel/net/netfilter/x_tables.ko", {st_mode=S_IFREG|0644, st_size=63809, ...}) = 0
openat(AT_FDCWD, "/sys/module/iptable_filter/initstate", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/sys/module/iptable_filter", 0x7fff9102e540) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/sys/module/x_tables/initstate", O_RDONLY|O_CLOEXEC) = 3
read(3, "live\n", 31) = 5
read(3, "", 26) = 0
close(3) = 0
openat(AT_FDCWD, "/sys/module/ip_tables/initstate", O_RDONLY|O_CLOEXEC) = 3
read(3, "live\n", 31) = 5
read(3, "", 26) = 0
close(3) = 0
openat(AT_FDCWD, "/sys/module/iptable_filter/initstate", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
stat("/sys/module/iptable_filter", 0x7fff9102e540) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=9025, ...}) = 0
mmap(NULL, 9025, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9b723dd000
finit_module(3, "", 0) = -1 EPERM (Operation not permitted)
write(2, "modprobe: ERROR: could not inser"..., 76) = 76
munmap(0x7f9b723dd000, 9025) = 0
close(3) = 0
munmap(0x7f9b723b2000, 119675) = 0
munmap(0x7f9b7238d000, 151195) = 0
munmap(0x7f9b72342000, 306863) = 0
munmap(0x7f9b723e0000, 8964) = 0
exit_group(1) = ?
+++ exited with 1 +++
我可以看到 /lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/ 中存在 .ko 文件。它是 644 号模组。
我没有看到 /lib/modules/5.4.0-1097-aws/modules.builtin.bin 中列出的模块。
“modinfo iptable_filter”说:
filename: /lib/modules/5.4.0-1097-aws/kernel/net/ipv4/netfilter/iptable_filter.ko
description: iptables filter table
author: Netfilter Core Team <[email protected]>
license: GPL
srcversion: 4B536AA51E969CB07EDA8CC
depends: x_tables,ip_tables
retpoline: Y
intree: Y
name: iptable_filter
vermagic: 5.4.0-1097-aws SMP mod_unload modversions
signat: PKCS#7
signer:
sig_key:
sig_hashalgo: md4
parm: forward:bool
如果我在 /var/log/syslog 或 /var/log/kern.log 中 grep for iptable_filter,什么也没有回来。
为什么我在加载模块时被拒绝许可?我该如何解决?