A site for solving at least some of your technical problems...
Linux Firewall "missing" igmp protocol... Watch out on reboot!
Submitted by Alexis Wilke on Sun, 10/24/2010 - 18:46
I just updated Linux to the newest version for Ubuntu 10.04 and got an error with the firewall...
* Setting up the firewall iptables...
iptables-restore v1.4.4: Couldn't load match `igmp':/lib/xtables/libipt_igmp.so: ...
... cannot open shared object file: No such file or directory
The fact is that the iptables code is now using a set of .so files to handle each protocol and it is found in the /lib/xtables folder. And there is no libipt_igmp.so file in there... so you cannot change anything against such packets. That's it...
I tried to use 2 as the protocol, just in case, and it gets me another error with libipt_2.so missing...
I'm sure it doesn't matter much, however, watch out because if your igmp is early on in the list of items to be checked it will break your firewall setup (i.e. leave many ports open!) and thus you may not have a firewall after your next reboot!!!
I had that in my firewall because I know that some packets are being sent every now and then. Again, probably not that important, but I usually don't think that it's necessary to cutoff friendly network traffic.
Now the following are the files that currently exist. Notice that IPv6 has its own set of files. The IPv4 are listed as libipt. I'm not too sure what the xt entries are for right now, although it looks like things that are not specific to IPv6 or IPv4 such as a network card MAC address.
libip6t_ah.so libip6t_dst.so libip6t_eui64.so libip6t_frag.so libip6t_hbh.so libip6t_hl.so libip6t_HL.so libip6t_icmp6.so libip6t_ipv6header.so libip6t_LOG.so libip6t_mh.so libip6t_REJECT.so libip6t_rt.so libipt_addrtype.so libipt_ah.so libipt_CLUSTERIP.so libipt_DNAT.so libipt_ecn.so libipt_ECN.so libipt_icmp.so libipt_LOG.so libipt_MASQUERADE.so libipt_MIRROR.so libipt_NETMAP.so libipt_realm.so libipt_REDIRECT.so libipt_REJECT.so libipt_SAME.so libipt_set.so libipt_SET.so libipt_SNAT.so libipt_ttl.so libipt_TTL.so libipt_ULOG.so libipt_unclean.so libxt_CLASSIFY.so libxt_cluster.so libxt_comment.so libxt_connbytes.so libxt_connlimit.so libxt_connmark.so libxt_CONNMARK.so libxt_CONNSECMARK.so libxt_conntrack.so libxt_dccp.so libxt_dscp.so libxt_DSCP.so libxt_esp.so libxt_hashlimit.so libxt_helper.so libxt_iprange.so libxt_length.so libxt_limit.so libxt_mac.so libxt_mark.so libxt_MARK.so libxt_multiport.so libxt_NFLOG.so libxt_NFQUEUE.so libxt_NOTRACK.so libxt_owner.so libxt_physdev.so libxt_pkttype.so libxt_policy.so libxt_quota.so libxt_rateest.so libxt_RATEEST.so libxt_recent.so libxt_sctp.so libxt_SECMARK.so libxt_socket.so libxt_standard.so libxt_state.so libxt_statistic.so libxt_string.so libxt_tcpmss.so libxt_TCPMSS.so libxt_TCPOPTSTRIP.so libxt_tcp.so libxt_time.so libxt_tos.so libxt_TOS.so libxt_TPROXY.so libxt_TRACE.so libxt_u32.so libxt_udp.so