iptables-restore v1.8.4 (legacy): couldn't load match `limit':no such file or directory

UFW & Iptables not working in Debian 10

By @AnthonySmith

If you are getting an iptables related issue generally or when trying to use an OpenVPN installer script or general VPN setup and the error is similar to:

iptables-restore v1.8.4 (legacy): couldn't load match `limit':no such file or directory

or

iptables v1.8.2 (nf_tables): unknown option "--dport"

or

iptables v1.8.4 (nf_tables): unknown option "--dport"

or

error: couldn't determine iptables version

The cause is likely to be as a result of you using an OpenVZ container without nftable support in the host node kernel or perhaps you have upgraded Debian from a previous version and don't have the modules loaded in the kernel or perhaps the installer script you are using simply expects iptables rather than nftables.

You can resolve this by switching back to iptables (now being called iptables legacy) simply running:

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy 
update-alternatives --set ebtables /usr/sbin/ebtables-legacy

For OpenVZ conatiners you may need to run the following instead:

apt install iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

To revert if that was notthe issue then you need to run:

update-alternatives --set iptables /usr/sbin/iptables-nft
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
update-alternatives --set arptables /usr/sbin/arptables-nft
update-alternatives --set ebtables /usr/sbin/ebtables-nft

Previous Post Next Post