iptables error in android: iptables-save and iptables-restore not working

Question

I have compiled Linux for android emulator with full netfilter functionality enabled. And got a iptables binary after building android from source.

When i push this binary to the emulator

i can execute commands like below successfully.

iptables -L
iptables -F
iptables -A INPUT -s www.google.com -j DROP

with this error:

# # iptables -L
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
#

and

# iptables -A INPUT -s www.google.com -j DROP
getsockopt for multiport failed strangely: No such file or directory
getsockopt for multiport failed strangely: No such file or directory
FIX ME! implement getgrnam() bionic/libc/bionic/stubs.c:344

but atleast the above commands they work!

but when i try

iptables-save     or
iptables-restore

i get error saying

iptables-save: not found

In my config file

CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m

what is the problem..?? and how can i enable full iptables functionality in android or how can i save the current active iptables rules safely and reload them when next reboot.

please help. thank you!

I'm pretty sure `iptables-save` and `iptables-restore` are different binaries, hence why they don't contain spaces (as opposed to `iptables -L`, for example, which does). — eldarerathis, Apr 04 '11 at 17:28
actually i meant to write iptables-save or iptables-retore as a sentence. sorry. — Preetam, Apr 05 '11 at 17:45

David B. · Answer 1 · 2017-05-01T19:07:01.307

2

The iptables-save and iptables-restore binaries are not built by the default Android system makefiles.

You'll need to add rules to the Android.mk file in $mydroid/external/iptables/ to build them. The source files, iptables-save.c and iptables-restore.c are already in that directory.

Untested, but to build iptables-save, add something like this to the end of Android.mk. Rinse and repeat for iptables-restore:

#
# Build iptables-save
#

include $(CLEAR_VARS)

LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/include/ \
    $(KERNEL_HEADERS)

LOCAL_CFLAGS:=-DNO_SHARED_LIBS
LOCAL_CFLAGS+=-DIPTABLES_VERSION=\"1.3.7\"

LOCAL_SRC_FILES:= \
    iptables-save.c 

LOCAL_MODULE_TAGS:=debug
LOCAL_MODULE:=iptables-save

LOCAL_STATIC_LIBRARIES := \
    libiptc \
    libext

include $(BUILD_EXECUTABLE)

edited May 01 '17 at 19:07

answered Apr 05 '11 at 01:00

David B.

5,700
5
31
52

Thank you very much David! but when i do this i get many errors like: – Preetam Apr 05 '11 at 01:49
sorry, i was not able to enter the output in comments, so i put that in answer. – Preetam Apr 05 '11 at 02:09
if android team has modified iptables source, to exclude iptables-save than they must have modified some source files which call functions in iptables-save(i think). May be because of that, the error comes. – Preetam Apr 05 '11 at 02:13
I checked iptables 1.3.7 sourcecode from netfilter. It seems that android source has its own modified iptables. Like, the file iptables-1.3.7/extension/libipt_connmark.c is changed to libipt_2connmark.c ,, So, is there any way to solve the problem?? – Preetam Apr 05 '11 at 02:54

score 1 · Accepted Answer · answered Sep 30 '12 at 10:33

This is what I've added to my Android.mk in order to get both iptables-save and iptables-retore. It compiles ok on android 4.0.3.



#----------------------------------------------------------------
# iptables-save


include $(CLEAR_VARS)

LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/../include/

LOCAL_CFLAGS:=-DNO_SHARED_LIBS=1
LOCAL_CFLAGS+=-DALL_INCLUSIVE
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
# Accommodate arm-eabi-4.4.3 tools that don't set __ANDROID__
LOCAL_CFLAGS+=-D__ANDROID__

LOCAL_SRC_FILES:= \
    iptables-save.c iptables.c xshared.c

LOCAL_MODULE_TAGS := optional
LOCAL_MODULE:=iptables-save

LOCAL_STATIC_LIBRARIES := \
    libext \
    libext4 \
    libip4tc \
    libxtables

include $(BUILD_EXECUTABLE)


#----------------------------------------------------------------
# iptables-restore


include $(CLEAR_VARS)

LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/../include/

LOCAL_CFLAGS:=-DNO_SHARED_LIBS=1
LOCAL_CFLAGS+=-DALL_INCLUSIVE
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
# Accommodate arm-eabi-4.4.3 tools that don't set __ANDROID__
LOCAL_CFLAGS+=-D__ANDROID__

LOCAL_SRC_FILES:= \
    iptables-restore.c iptables.c xshared.c

LOCAL_MODULE_TAGS := optional
LOCAL_MODULE:=iptables-restore

LOCAL_STATIC_LIBRARIES := \
    libext \
    libext4 \
    libip4tc \
    libxtables

include $(BUILD_EXECUTABLE)

iptables error in android: iptables-save and iptables-restore not working

2 Answers2