iptables-persistent on Ubuntu 12.04 upgrade failing

Even after multiple apt-get upgrades…. I'm still getting:

Setting up iptables-persistent (0.5.3ubuntu2) …

dpkg: error processing iptables-persistent (--configure):

subprocess installed post-installation script returned error exit status 1

Setting up cron (3.0pl1-120ubuntu4) …

No apport report written because MaxReports is reached already

Installing new version of config file /etc/default/cron …

cron start/running, process 11980

Setting up libgnutls26 (2.12.14-5ubuntu3.1) …

Setting up language-pack-en (1:12.04+20120618) …

Setting up libaccountsservice0 (0.6.15-2ubuntu9.1) …

Setting up accountsservice (0.6.15-2ubuntu9.1) …

Setting up linux-libc-dev (3.2.0-26.41) …

Setting up python-crypto (2.4.1-1ubuntu0.1) …

Processing triggers for libc-bin …

ldconfig deferred processing now taking place

Errors were encountered while processing:

iptables-persistent

E: Sub-process /usr/bin/dpkg returned an error code (1)

Any ideas?

I've ran in to this problem before. It's an issue with the installation script provided by the package maintainer. Here's my previous write-up about it:

@theckman:

It appears the maintainer of the package, or the person who built the post-installation script, made the assumption that any error experienced while the script is running should indicate a complete failure.

On our platform, we compile a large number of common modules in to our kernel and you are unable to use modprobe if you wish to enable a specific module. As a result, any attempts to load a kernel module using modprobe will fail, and error status 1 will be returned.

Having extracted the .deb package, and looked at the "postinst" script, I found that it tries to run these two commands:

modprobe -q iptable_filter

modprobe -q ip6table_filter

In your case, it never makes it to the second command. When the first command is executed, it returns a status 1 error code. This wouldn't be an issue if the script was doing the error checking. However, because "set -e" is done at the top of the script, it immediately exits with status 1. Dpkg then intercepts this status, and assumes it has failed.

This is indeed a bug with the package itself. The postinst script should be refactored so that it doesn't blindly assume an error return from modprobe is an actual issue.

At this point, it appears that "iptables-persistent" should work as it has been installed. However, apt-get is most likely going to try to reconfigure "iptables-persistent" when doing any package installations in the future. This shouldn't cause the process to fail, but it will return a failure status code.

-Tim

Here's the script, as it existed when I did that write-up, if you are curious: http://privatepaste.com/1b3b56739f

-Tim

I just ran into this with a fresh Ubuntu 12.04 machine.

Based on the info provided by theckman and this ref:

https://bugs.launchpad.net/ubuntu/+sour … ug/1002078">https://bugs.launchpad.net/ubuntu/+source/iptables-persistent/+bug/1002078

…I was able to get it working!

TL;DR? Here the simple fix (copy-paste this block into the terminal):

sudo sed \
    -i 's/\(modprobe -q ip6\?table_filter\)/\1 || true/g' \
    /var/lib/dpkg/info/iptables-persistent.postinst; \
sudo aptitude install iptables-persistent

Thanks! Saved me the time and trouble of trying to figure it out myself.

Glad to see an old comment of mine could help!

-Tim