How to enable IPTABLES without replacing rootfs?

We have been using for the past 3 months and image with an Ubuntu 16.04 rootfs with the kernel 4.9.67-+g1db9f06 from the Apalis-iMX6_LXDE-Image_2.8b1.64-20171229 base image.

It wasn’t until recently that we noticed that the module iptables is not configured in the kernel by default. From this question Iptables - iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) - Technical Support - Toradex Community our understanding is that we will need to checkout the linux-toradex repo with the branch toradex_4.9-1.0.x-imx then make the modifications to arm/configs/apalis_imx6_defconfig, compile the kernel and replace in the flashed SD card the compiled zImage file.

Assuming this will work, wouldn’t we be losing our custom rootfs? If this is the case is there something we can do about it in order to use iptables while keeping the rootfs? We tried using a *.ko kernel object but it wasn’t loaded.

We appreciate any help/tip you can provide. Thanks as always for your time.

Dear @jdunia,

please check the following link for modules deployment. You can use your custom rootfs and deploy modules of your need. Also, you may directly include the modules in the kernel you will be using (rather to add it as an external module), recompile it and flash it with your rootfs.

Thanks @alvaro.tx for the promptly response. We have been doing tests over these past few days to make sure changes are working fine!

The only difference we can notice is that the kernel version is now 4.9.67-dirty, which we are ok with that. I know if we do a commit of the changes the “dirty” will be replaced, however as long as the changes are related only to compiling external modules we don’t plan to do that.

Thanks again.
Best,
Jose