I've been attempting to turn on net filtering in the linux kernel and manage it via the iptables utility, but I have been unable to get it to work. I've added CONFIG_NETFILTER, CONFIG_IP_NF_IPTABLES, and IP_NF_FILTER options to the kernel and cross-compiled the iptables utility. 

 

When I run iptables, I get a response like this: 

iptables v1.3.4: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. 

 

After following through the code, I found where it is erroring out. In libiptc.c, the function TC_INIT calls getsockopt(sockfd, TC_IPPROTO, SO_GET_INFO, &info, &s), which returns -1, which is -EPERM. I'm now trying to trace down where this problem is occurring in the kernel, but I haven't got a definitive answer yet. 

 

Has anyone else here sucessfully got iptables to work?