no iptables in Raspberry pi image?



bullrush
2013-09-15, 14:59
I've downloaded the latest RPi image and installed it on my SD card, it works just fine.
When I try to use iptables:

iptables -L
iptables v1.4.14: can't initialize iptables table 'filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

And indeed lsmod doesn't show iptables, nor can I modprobe/insmod it.
I tried to update/upgrade/dist-upgrade and still nothing.

Am I missing something or does this image not come with iptables?

Sythic
2013-09-16, 22:36
Same issue here. This isn't something I'm strong at, but would making this work only require getting an ip_tables module and putting it in the modules folder, or is this something that has to be compiled into the kernel?

agabriel
2013-09-22, 23:53
I've made little progress, but I still don't have it resolved. Here is what I've done:

First take a look at this: http://docs.kali.org/armel-armhf/kali-linux-arm-chroot
Then take a look here (more important): http://docs.kali.org/development/custom-raspberry-pi-image
First I started by trying to build a custom image, which isn't hard but it is overkill since you can modify the standard image you have already downloaded. You will obviously need to bake a new kernel and throw it into the image, which is really just a subset of the second link. The tools that the Kali team links to don't work for me, but the tools that the standard Raspberry Pi community links to do work for me. I provided links along the way to show you how I derived my path. I also included my kernel config diff and the modules I have loaded.

Namely:

#Link to image:
loopdevice=`losetup -f --show <image name>.img`
device=`kpartx -va $loopdevice| sed -E 's/.*(loop[0-9])p.*/\1/g' | head -1`
device="/dev/mapper/${device}"
bootp=${device}p1
rootp=${device}p2

#mount it (I assume you're following along with the path):
mount $rootp root
mount $bootp boot

# time to build (This process can be sped up if you get config.gz and "zcat config.gz > .config" in your kernel dir), I applied my kernel config diff below
cd ~/arm-stuff
mkdir -p kernel
cd kernel
git clone https://github.com/raspberrypi/tools.git
git clone https://github.com/raspberrypi/linux.git raspberrypi
cd raspberrypi
touch .scmversion
export ARCH=arm
export CROSS_COMPILE=~/arm-stuff/kernel/toolchains/arm-eabi-linaro-4.6.2/bin/arm-eabi- # This compiler did not work for me, I used the other one discussed here: http://elinux.org/Rpi_kernel_compilation
make bcmrpi_cutdown_defconfig
# configure your kernel !
make menuconfig
make -j$(cat /proc/cpuinfo|grep processor|wc -l)
make modules_install INSTALL_MOD_PATH=~/arm-stuff/images/root
cd ../tools/mkimage/
python imagetool-uncompressed.py ../../raspberrypi/arch/arm/boot/Image

#Push it to the image
cd ~/arm-stuff/images
cp ~/arm-stuff/kernel/tools/mkimage/kernel.img boot/

# reduced cleanup, in case you need to rinse and repeat
umount $rootp
umount $bootp

#dd your image...

Okay, after it boots these are the modules I have loaded:
root@kali:~# lsmod
Module Size Used by
nf_nat_ftp 952 0
iptable_nat 2408 0
nf_conntrack_ftp 4856 1 nf_nat_ftp
ipt_MASQUERADE 984 0
nf_nat 9818 3 nf_nat_ftp,ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 8756 3 nf_nat,iptable_nat
nf_defrag_ipv4 636 1 nf_conntrack_ipv4
nf_conntrack 43092 6 nf_nat_ftp,ipt_MASQUERADE,nf_nat,nf_conntrack_ftp,iptable_nat,nf_conntrack_ipv4
ip_tables 8532 1 iptable_nat
x_tables 8776 3 ip_tables,ipt_MASQUERADE,iptable_nat
ipv6 212924 12
leds_gpio 1648 0
led_class 1788 1 leds_gpio

and unfortunately I still get the error:
root@kali:~# iptables -L
iptables v1.4.14: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Anyone see what is missing? I feel like I should be close... I'm actually surprised that the Debian or Kali teams don't have documentation explaining how to get iptables capability working. A Google search digs up a lot of similar questions and I haven't seen a resolution that actually works (I have tried a few that don't).

Anthony
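
A way to check which iptables tables a given kernel configuration can provide, as an added example that is not part of the original post. The function names are hypothetical, the sample config is constructed from option lines quoted in this thread, and the nat table is left out because its option name differs between kernel versions.

```shell
#!/bin/sh
# Added example (not from the thread): which iptables tables can a kernel
# config provide? nat is left out because its option name varies by kernel.

# Map a table name to the option that builds its iptable_<name> module.
table_option() {
    case "$1" in
        filter) echo CONFIG_IP_NF_FILTER ;;
        mangle) echo CONFIG_IP_NF_MANGLE ;;
        raw)    echo CONFIG_IP_NF_RAW ;;
        *)      return 1 ;;
    esac
}

# Print y (built in), m (module) or n (absent or "is not set").
config_state() {   # $1 = config file, $2 = option name
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# One line per table: "<table> <option> <state>".
check_tables() {
    for t in filter mangle raw; do
        opt=$(table_option "$t")
        echo "$t $opt $(config_state "$1" "$opt")"
    done
}

# Tables for which "iptables -t <table> -L" would report "Table does not exist".
missing_tables() {
    check_tables "$1" | awk '$3 == "n" { print $1 }'
}

# Constructed sample config, using option lines quoted in the thread.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_FILTER is not set
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_RAW=m
EOF
}

# Check the file given as $1, or the constructed sample when none is given.
cfg=${1:-$(mktemp)}
[ -n "${1:-}" ] || sample_config > "$cfg"
check_tables "$cfg"
```

Run it against the .config used for the build, or against a decompressed config.gz, before flashing the image.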

agabriel
2013-09-22, 23:53
Okay, these are the differences between the stock Kali kernel configuration and mine:
diff .config config.org
465d464
< CONFIG_XFRM_IPCOMP=m
470,474c469
< CONFIG_IP_ADVANCED_ROUTER=y
< # CONFIG_IP_FIB_TRIE_STATS is not set
< # CONFIG_IP_MULTIPLE_TABLES is not set
< # CONFIG_IP_ROUTE_MULTIPATH is not set
< # CONFIG_IP_ROUTE_VERBOSE is not set
---
> # CONFIG_IP_ADVANCED_ROUTER is not set
482c477
< CONFIG_ARPD=y
---
> # CONFIG_ARPD is not set
484,488c479,482
< # CONFIG_NET_IPVTI is not set
< CONFIG_INET_AH=m
< CONFIG_INET_ESP=m
< CONFIG_INET_IPCOMP=m
< CONFIG_INET_XFRM_TUNNEL=m
---
> # CONFIG_INET_AH is not set
> # CONFIG_INET_ESP is not set
> # CONFIG_INET_IPCOMP is not set
> # CONFIG_INET_XFRM_TUNNEL is not set
490,496c484,488
< CONFIG_INET_XFRM_MODE_TRANSPORT=m
< CONFIG_INET_XFRM_MODE_TUNNEL=m
< CONFIG_INET_XFRM_MODE_BEET=m
< CONFIG_INET_LRO=y
< CONFIG_INET_DIAG=y
< CONFIG_INET_TCP_DIAG=y
< CONFIG_INET_UDP_DIAG=m
---
> # CONFIG_INET_XFRM_MODE_TRANSPORT is not set
> # CONFIG_INET_XFRM_MODE_TUNNEL is not set
> # CONFIG_INET_XFRM_MODE_BEET is not set
> # CONFIG_INET_LRO is not set
> # CONFIG_INET_DIAG is not set
523,679c515
< CONFIG_NETFILTER=y
< # CONFIG_NETFILTER_DEBUG is not set
< CONFIG_NETFILTER_ADVANCED=y
<
< #
< # Core Netfilter Configuration
< #
< CONFIG_NETFILTER_NETLINK=m
< CONFIG_NETFILTER_NETLINK_ACCT=m
< CONFIG_NETFILTER_NETLINK_QUEUE=m
< CONFIG_NETFILTER_NETLINK_LOG=m
< CONFIG_NF_CONNTRACK=m
< CONFIG_NF_CONNTRACK_MARK=y
< CONFIG_NF_CONNTRACK_PROCFS=y
< # CONFIG_NF_CONNTRACK_EVENTS is not set
< # CONFIG_NF_CONNTRACK_TIMEOUT is not set
< # CONFIG_NF_CONNTRACK_TIMESTAMP is not set
< CONFIG_NF_CT_PROTO_DCCP=m
< CONFIG_NF_CT_PROTO_GRE=m
< CONFIG_NF_CT_PROTO_SCTP=m
< CONFIG_NF_CT_PROTO_UDPLITE=m
< CONFIG_NF_CONNTRACK_AMANDA=m
< CONFIG_NF_CONNTRACK_FTP=m
< CONFIG_NF_CONNTRACK_H323=m
< CONFIG_NF_CONNTRACK_IRC=m
< CONFIG_NF_CONNTRACK_BROADCAST=m
< CONFIG_NF_CONNTRACK_NETBIOS_NS=m
< CONFIG_NF_CONNTRACK_SNMP=m
< CONFIG_NF_CONNTRACK_PPTP=m
< CONFIG_NF_CONNTRACK_SANE=m
< CONFIG_NF_CONNTRACK_SIP=m
< CONFIG_NF_CONNTRACK_TFTP=m
< CONFIG_NF_CT_NETLINK=m
< CONFIG_NF_CT_NETLINK_TIMEOUT=m
< # CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
< # CONFIG_NETFILTER_TPROXY is not set
< CONFIG_NETFILTER_XTABLES=m
<
< #
< # Xtables combined modules
< #
< # CONFIG_NETFILTER_XT_MARK is not set
< # CONFIG_NETFILTER_XT_CONNMARK is not set
<
< #
< # Xtables targets
< #
< # CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
< # CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
< # CONFIG_NETFILTER_XT_TARGET_CONNMARK is not set
< # CONFIG_NETFILTER_XT_TARGET_CT is not set
< # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
< # CONFIG_NETFILTER_XT_TARGET_HL is not set
< # CONFIG_NETFILTER_XT_TARGET_HMARK is not set
< # CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
< # CONFIG_NETFILTER_XT_TARGET_LED is not set
< # CONFIG_NETFILTER_XT_TARGET_LOG is not set
< # CONFIG_NETFILTER_XT_TARGET_MARK is not set
< # CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
< # CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
< # CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set
< # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
< # CONFIG_NETFILTER_XT_TARGET_TEE is not set
< # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
< # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
< # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
<
< #
< # Xtables matches
< #
< # CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
< # CONFIG_NETFILTER_XT_MATCH_CLUSTER is not set
< # CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
< # CONFIG_NETFILTER_XT_MATCH_CONNBYTES is not set
< # CONFIG_NETFILTER_XT_MATCH_CONNLIMIT is not set
< # CONFIG_NETFILTER_XT_MATCH_CONNMARK is not set
< # CONFIG_NETFILTER_XT_MATCH_CONNTRACK is not set
< # CONFIG_NETFILTER_XT_MATCH_CPU is not set
< # CONFIG_NETFILTER_XT_MATCH_DCCP is not set
< # CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
< # CONFIG_NETFILTER_XT_MATCH_DSCP is not set
< # CONFIG_NETFILTER_XT_MATCH_ECN is not set
< # CONFIG_NETFILTER_XT_MATCH_ESP is not set
< # CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
< # CONFIG_NETFILTER_XT_MATCH_HELPER is not set
< # CONFIG_NETFILTER_XT_MATCH_HL is not set
< # CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
< # CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
< # CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
< # CONFIG_NETFILTER_XT_MATCH_MAC is not set
< # CONFIG_NETFILTER_XT_MATCH_MARK is not set
< # CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
< # CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
< # CONFIG_NETFILTER_XT_MATCH_OSF is not set
< # CONFIG_NETFILTER_XT_MATCH_OWNER is not set
< # CONFIG_NETFILTER_XT_MATCH_POLICY is not set
< # CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
< # CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
< # CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
< # CONFIG_NETFILTER_XT_MATCH_REALM is not set
< # CONFIG_NETFILTER_XT_MATCH_RECENT is not set
< # CONFIG_NETFILTER_XT_MATCH_SCTP is not set
< # CONFIG_NETFILTER_XT_MATCH_STATE is not set
< # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
< # CONFIG_NETFILTER_XT_MATCH_STRING is not set
< # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
< # CONFIG_NETFILTER_XT_MATCH_TIME is not set
< # CONFIG_NETFILTER_XT_MATCH_U32 is not set
< # CONFIG_IP_SET is not set
< # CONFIG_IP_VS is not set
<
< #
< # IP: Netfilter Configuration
< #
< CONFIG_NF_DEFRAG_IPV4=m
< CONFIG_NF_CONNTRACK_IPV4=m
< CONFIG_NF_CONNTRACK_PROC_COMPAT=y
< # CONFIG_IP_NF_QUEUE is not set
< CONFIG_IP_NF_IPTABLES=m
< # CONFIG_IP_NF_MATCH_AH is not set
< # CONFIG_IP_NF_MATCH_ECN is not set
< # CONFIG_IP_NF_MATCH_RPFILTER is not set
< # CONFIG_IP_NF_MATCH_TTL is not set
< # CONFIG_IP_NF_FILTER is not set
< # CONFIG_IP_NF_TARGET_ULOG is not set
< CONFIG_NF_NAT=m
< CONFIG_NF_NAT_NEEDED=y
< CONFIG_IP_NF_TARGET_MASQUERADE=m
< CONFIG_IP_NF_TARGET_NETMAP=m
< CONFIG_IP_NF_TARGET_REDIRECT=m
< CONFIG_NF_NAT_SNMP_BASIC=m
< CONFIG_NF_NAT_PROTO_DCCP=m
< CONFIG_NF_NAT_PROTO_GRE=m
< CONFIG_NF_NAT_PROTO_UDPLITE=m
< CONFIG_NF_NAT_PROTO_SCTP=m
< CONFIG_NF_NAT_FTP=m
< CONFIG_NF_NAT_IRC=m
< CONFIG_NF_NAT_TFTP=m
< CONFIG_NF_NAT_AMANDA=m
< CONFIG_NF_NAT_PPTP=m
< CONFIG_NF_NAT_H323=m
< CONFIG_NF_NAT_SIP=m
< CONFIG_IP_NF_MANGLE=m
< CONFIG_IP_NF_TARGET_CLUSTERIP=m
< # CONFIG_IP_NF_TARGET_ECN is not set
< # CONFIG_IP_NF_TARGET_TTL is not set
< CONFIG_IP_NF_RAW=m
< CONFIG_IP_NF_ARPTABLES=m
< CONFIG_IP_NF_ARPFILTER=m
< CONFIG_IP_NF_ARP_MANGLE=m
<
< #
< # IPv6: Netfilter Configuration
< #
< # CONFIG_NF_DEFRAG_IPV6 is not set
< # CONFIG_NF_CONNTRACK_IPV6 is not set
< # CONFIG_IP6_NF_IPTABLES is not set
---
> # CONFIG_NETFILTER is not set
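Review bot: in the 523,679c515 hunk, under "IP: Netfilter Configuration", CONFIG_IP_NF_IPTABLES=m, CONFIG_IP_NF_MANGLE=m and CONFIG_IP_NF_RAW=m are enabled but "# CONFIG_IP_NF_FILTER is not set". That option is the one that builds the filter table (the iptable_filter module), and filter is the table "iptables -L" lists by default, so with this config there is no filter table to open; suggest CONFIG_IP_NF_FILTER=m. Every entry under "Xtables targets" and "Xtables matches" is also unset (for example CONFIG_NETFILTER_XT_MATCH_STATE, CONFIG_NETFILTER_XT_MATCH_CONNTRACK and CONFIG_NETFILTER_XT_TARGET_LOG), so rules that use those matches or targets would need them enabled as well. CONFIG_IP6_NF_IPTABLES is not set either, so this kernel would have no ip6tables for filtering IPv6 traffic.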
2289,2290d2124
< CONFIG_TEXTSEARCH=y
< CONFIG_TEXTSEARCH_KMP=m

Solonor
2013-11-03, 17:50
I have the same issue, been spending hours trying to get iptables working, did you ever get this to work?

figleaf
2013-11-05, 00:31
How do we ask Kali developers to install a firewall GUI and IP tables and fix wifi driver problem?

BeNe
2013-11-10, 10:11
@agabriel
Can you tell me where the default Kali Kernel config is?
Tried to compile a new Kernel with iptables support directly on the Raspian Pi - but there is no config file as described here --> http://docs.kali.org/development/recompiling-the-kali-linux-kernel


cp /boot/config-3.7-trunk-amd64 .config

The "/boot" is empty here:


root@kali:/usr/src/linux-source-3.7# pwd
/usr/src/linux-source-3.7
root@kali:/usr/src/linux-source-3.7# ls -l /boot/
total 0
root@kali:/usr/src/linux-source-3.7#


If this is a process that takes too long, I will use a Debian image with a kernel that comes with iptables and add the Kali tools.

Onirus
2013-12-19, 05:03
So, what's the status? Has anyone been able to get iptables working? I downloaded a kernel from someone trying to get iptables to work on the Pi and it works! However, I lose my keyboard and trackpad functionality on my Atrix lapdock. Anyway, here's a link to the website of the gentleman who compiled the kernel. It's available on the download page. http://daleruane.co.uk/securing-the-pi-part-2/

froggy
2014-01-26, 12:28
Hi all

On my Pi I could solve the problem by doing an "rpi-update".

I use the "2014-01-07-wheezy-raspbian.zip"

root@plan02:~# uname -a
Linux plan02 3.10.27+ #630 PREEMPT Fri Jan 17 19:44:36 GMT 2014 armv6l GNU/Linux

root@plan02:~# iptables -nvL
Chain INPUT (policy ACCEPT 722 packets, 104K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 329 packets, 42528 bytes)
pkts bytes target prot opt in out source destination

For me, the problem has been solved with a firmware update of the Pi.