Failed to load nf_conntrack module when starting FirewallD

Problem Description

Upon starting FirewallD you might encounter the error listed hereunder. This particular behavior was observed on a new installation of Virtualmin/Webmin.

Sep 19 20:11:45 hostname firewalld[15323]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name='nf_conntrack'
modprobe: ERROR: could not insert 'nf_conntrack': Function not implemented
modprobe: ERROR: Error running install command for nf_conntrack...
Sep 19 20:11:45 hostname firewalld[15323]: ERROR: Raising SystemExit in run_server

Fix

The solution is to run the following 4 commands as root and then restart FirewallD

mkdir /lib/modules/$(uname -r)

touch /lib/modules/$(uname -r)/modules.{builtin,order}

for i in /sys/module/*; do echo kernel/${i##**/}.ko; done >> /lib/modules/$(uname -r)/modules.builtin

depmod -a

Now restart FirewallD

service firewalld start

and check if it’s working

service firewalld status

If you have feedback, please leave a comment below.

Reference

https://www.linode.com/community/questions/18185/firewalld-doesnt-work-with-default-linode-kernel-on-fedora-30
https://www.liquidweb.com/kb/how-to-start-and-enable-firewalld-on-centos-7/

Share this article

6 thoughts on “Failed to load nf_conntrack module when starting FirewallD”

  1. Could you be more clear about this? How do I run the following code? I have webmin/virtualmin installed.

    When I use the command: systemctl status firewalld -l, I get:

    [[email protected] ~]# systemctl status firewalld -l
    ● firewalld.service – firewalld – dynamic firewall daemon
    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
    Active: inactive (dead) since Fri 2019-10-04 09:55:36 EDT; 13s ago
    Docs: man:firewalld(1)
    Process: 18604 ExecStart=/usr/sbin/firewalld –nofork –nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
    Main PID: 18604 (code=exited, status=0/SUCCESS)

    Oct 04 09:55:36 ns557317 systemd[1]: Starting firewalld – dynamic firewall daemon…
    Oct 04 09:55:36 ns557317 systemd[1]: Started firewalld – dynamic firewall daemon.
    Oct 04 09:55:36 ns557317 firewalld[18604]: ERROR: Failed to load nf_conntrack module: modprobe: ERROR: could not find module by name=’nf_conntrack’
    modprobe: ERROR: could not insert ‘nf_conntrack’: Function not implemented
    modprobe: ERROR: Error running install command for nf_conntrack
    modprobe: ERROR: could not insert ‘nf_conntrack’: Operation not permitted
    Oct 04 09:55:36 ns557317 firewalld[18604]: ERROR: Raising SystemExit in run_server

  2. Eugène van der Merwe

    Hi Peter,

    To fix the problem, you have to run 4 commands as root.

    1. `mkdir` makes the directory. You can just copy that line above and press enter.
    2. `touch` creates an empty file. Again, just copy that line and press enter.
    3. The `for i in` is a long line that ends with the `modules.builtin`. Copy the entire line. That loop with create modules that are loadable.
    4. The final `depmod -a` creates modules dependencies and map file. Copy the line and press enter.

    We could also Skype or screenshare if you need more help or skype me on [email protected]

  3. Eugène van der Merwe

    I’ve updated the article to make it more clear that there are 4 separate commands to be run.

  4. [[email protected] ~]$ sudo for i in /sys/module/*; do echo kernel/${i##**/}.ko; done >> /lib/modules/$(uname -r)/modules.builtin
    -bash: syntax error near unexpected token `do’

    Can you confirm the syntax is correct (I did a copy and paste)?

Leave a Reply

Your email address will not be published.

Scroll to Top