iptables-legacy cannot load NFQUEUE targets and the --queue-num and --queue-bypass options are unknown options
I am trying to run the following iptables command from https://github.com/farukuzun/notsodeep on Ubuntu 20.04.1.
iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK --sport 443 -j NFQUEUE --queue-num 200 --queue-bypass
But the result of execution is as follows:
# iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK --sport 443 -j NFQUEUE --queue-num 200 --queue-bypass
iptables v1.8.4 (legacy): unknown option "--queue-num"
Try `iptables -h' or 'iptables --help' for more information.
And the following execution result makes it look like the NFQUEUE target doesn't exist on my machine at all:
# iptables -A INPUT -j NFQUEUE
iptables v1.8.4 (legacy): Couldn't load target `NFQUEUE':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
I'm embarrassed because it's a situation I've never seen before. As I expected, all commands should work fine.
Is this all because the Ubuntu system I'm using is based on WSL (https://docs.microsoft.com/windows/wsl/install-win10)?
Solution 1:
Check the output of these commands:
modinfo xt_NFQUEUE
lsmod | grep NFQUEUE
iptables -j NFQUEUE --help
Every xtables target consists of two parts:
- Userspace library for the iptables tool -- it parses command-line arguments from the user and translates them into a data structure, and vice versa to print rules from the kernel
- Kernel module that processes the packets.
The first two commands check the presence of the kernel module and whether it is loaded. The third checks the presence of the userspace library and the list of supported options.
The first version of WSL has very limited support for native Linux tools, because it doesn't use the Linux kernel itself, but uses translation of system calls to the Windows NT kernel.
To get complete support for iptables you should use WSL2. It uses a real Linux kernel, not emulation over the Windows NT kernel.
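The three checks from the answer above, wrapped in a small POSIX sh script as an added example (not code from the question, the answer, or the notsodeep project). It separates the two halves of an xtables target, kernel module versus userspace library, by looking at what each check reports; the `classify_iptables_error` helper and its result labels are this example's own names, and it assumes `modinfo`, `lsmod` and `iptables` are on PATH.

```shell
#!/bin/sh
# Added diagnostic script (not from the original answer): runs the three checks
# suggested above for an xtables target and tells apart the two halves of a
# target, the kernel module (xt_<TARGET>) and the iptables userspace library.
# classify_iptables_error and its result labels are this example's own names.

# Map the stderr text of "iptables -j <TARGET> --help" to a short label.
classify_iptables_error() {
    case "$1" in
        "")                        echo "ok" ;;
        *"Couldn't load target"*)  echo "userspace-library-missing" ;;
        *"unknown option"*)        echo "option-unsupported" ;;
        *"not found"*)             echo "iptables-not-installed" ;;
        *)                         echo "other" ;;
    esac
}

# Report kernel-module presence, whether it is loaded, and the userspace
# library state for one target (default NFQUEUE).
check_xtables_target() {
    target=${1:-NFQUEUE}
    mod="xt_$target"
    if modinfo "$mod" >/dev/null 2>&1; then
        echo "kernel module $mod: present"
    else
        echo "kernel module $mod: not found (no Linux kernel modules at all, e.g. WSL1?)"
    fi
    # lsmod lists loaded modules; iptables normally autoloads the module when a
    # rule is added, so "not loaded" alone is not a failure.
    if lsmod 2>/dev/null | grep -q "^$mod "; then
        echo "kernel module $mod: loaded"
    else
        echo "kernel module $mod: not loaded"
    fi
    # Keep only stderr: on success the library's help text goes to stdout.
    err=$(iptables -j "$target" --help 2>&1 >/dev/null)
    echo "userspace library for $target: $(classify_iptables_error "$err")"
}

# Run the checks only when invoked as: sh check.sh --run [TARGET]
if [ "${1:-}" = "--run" ]; then
    check_xtables_target "${2:-NFQUEUE}"
fi
```

On the WSL1 system from the question, both the `modinfo` check and the `iptables --help` check are expected to fail, which matches the "Couldn't load target" and "unknown option" errors shown above.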