Recently I was deploying a service that made use of Linux’s iptables feature, but this time in an LXC container. LXC containers provide an extremely lightweight virtualization technology and a simple way to separate environments.
When loading iptables rules in the container, I encountered the following error:
ERROR: initcaps
[Errno 2] modprobe: ERROR: ../libkmod/libkmod.c:556 kmod_search_moddep() could not open moddep file '/lib/modules/3.16.0-4-amd64/modules.dep.bin'
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
This happened because the ip6table_filter module was not loaded on the host. Usually, the iptables command loads the module itself when needed, but LXC shares the kernel of the host system, and a container is restricted from loading modules into the host’s kernel.
The solution is simply to load the kernel module on the host:
# on debian jessie, as root:
modprobe ip6table_filter
After that the container will be able to make use of the new kernel module.
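To check the host for this condition before a container hits the error, here is an added example (not code from the original post). The function names are hypothetical and the /proc/modules excerpt is constructed; it assumes the netfilter tables are built as loadable modules, as the modprobe fix above implies.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the LXC host.

# missing_modules FILE MODULE...
# Prints every MODULE with no entry in FILE, which has /proc/modules layout
# (module name in the first column).
missing_modules() {
    modfile=$1; shift
    for mod in "$@"; do
        # modprobe treats '-' and '_' alike; /proc/modules always shows '_'
        name=$(printf '%s' "$mod" | sed 's/-/_/g')
        if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$modfile"; then
            printf '%s\n' "$name"
        fi
    done
}

# ensure_modules MODULE...
# Loads whatever is missing from the running host kernel (needs root).
ensure_modules() {
    for mod in $(missing_modules /proc/modules "$@"); do
        echo "loading $mod on the host"
        modprobe "$mod" || return 1
    done
}

# demo: constructed /proc/modules excerpt from a host where only the IPv4
# filter table is loaded; prints the modules a container would fail on.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
iptable_filter 12536 0 - Live 0xffffffffa0000000
ip_tables 26011 1 iptable_filter, Live 0xffffffffa0001000
x_tables 27111 2 ip_tables,iptable_filter, Live 0xffffffffa0002000
EOF
    missing_modules "$sample" iptable_filter ip6table_filter ip6table-mangle
    rm -f "$sample"
}

demo
# On the real host, as root:
#   ensure_modules ip6table_filter
```

A module loaded with modprobe is gone after the host reboots; on Debian, listing its name in /etc/modules loads it at boot.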