iptables-restore v1.8.4 (legacy): couldn't load match `limit':no such file or directory
Written by Anthony Smith, 4 Aug 2020
Article was migrated from WordPress to Vanilla in March 2022
If you hit an iptables-related error, either in general use or while running an OpenVPN installer script or other VPN setup, and the message is similar to:
iptables-restore v1.8.4 (legacy): couldn't load match `limit':no such file or directory
or
iptables v1.8.2 (nf_tables): unknown option "--dport"
or
iptables v1.8.4 (nf_tables): unknown option "--dport"
or
error: couldn't determine iptables version
The likely cause is one of the following: you are using an OpenVZ container and the host node kernel has no nftables support; you have upgraded Debian from a previous version and the modules are not loaded in the kernel; or the installer script you are using simply expects iptables rather than nftables.
You can resolve this by switching back to iptables (now called iptables legacy). Run:
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
For OpenVZ containers you may need to run the following instead:
apt install iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
To revert, if that was not the issue, run:
update-alternatives --set iptables /usr/sbin/iptables-nft
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
update-alternatives --set arptables /usr/sbin/arptables-nft
update-alternatives --set ebtables /usr/sbin/ebtables-nft
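A dry-run check for the switch described above, as an added example that is not part of the original article: it reads the backend from a version banner like the ones in the error messages, then prints (without running) the update-alternatives commands only for the tools whose target binary is installed. The function names backend_of and plan_switch and the optional ROOT prefix argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example: dry-run helper, prints commands instead of changing anything.

# backend_of BANNER: report which backend a version banner names.
# Banners look like "iptables v1.8.4 (legacy)" or "iptables v1.8.2 (nf_tables)".
backend_of() {
    case "$1" in
        *"(legacy)"*)    echo legacy ;;
        *"(nf_tables)"*) echo nft ;;
        *)               echo unknown ;;
    esac
}

# plan_switch TARGET [ROOT]: TARGET is "legacy" or "nft".
# ROOT is a hypothetical prefix for checking a scratch tree; empty means the live system.
plan_switch() {
    target=$1
    root=${2:-}
    for tool in iptables ip6tables arptables ebtables; do
        bin="/usr/sbin/$tool-$target"
        if [ -x "$root$bin" ]; then
            echo "update-alternatives --set $tool $bin"
        else
            echo "# skip $tool: $bin is not installed"
        fi
    done
}

# Constructed sample banners, taken from the prefixes of the errors quoted above.
for banner in "iptables-restore v1.8.4 (legacy)" "iptables v1.8.2 (nf_tables)"; do
    echo "$banner -> $(backend_of "$banner")"
done

# Print the plan for switching this system to the legacy backend.
plan_switch legacy
```

Review the printed lines before running them as root; plan_switch nft prints the matching revert commands.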