From 27b8e83aa5dea19e8047315b9b31f7e727e325e5 Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Wed, 11 Mar 2026 13:35:56 +0000
Subject: [PATCH] Use ErrKernelModuleMissing when missing kernel module string
 is detected

---
 internal/firewall/iptables/ip6tables.go | 3 +++
 internal/firewall/iptables/iptables.go  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/internal/firewall/iptables/ip6tables.go b/internal/firewall/iptables/ip6tables.go
index 6e096699..19ef233e 100644
--- a/internal/firewall/iptables/ip6tables.go
+++ b/internal/firewall/iptables/ip6tables.go
@@ -76,6 +76,9 @@ func (c *Config) runIP6tablesInstructionNoSave(ctx context.Context, instruction
 	cmd := exec.CommandContext(ctx, c.ip6Tables, flags...) // #nosec G204
 	c.logger.Debug(cmd.String())
 	if output, err := c.runner.Run(cmd); err != nil {
+		if strings.Contains(output, "missing kernel module") {
+			err = ErrKernelModuleMissing
+		}
 		return fmt.Errorf("command failed: \"%s %s\": %s: %w",
 			c.ip6Tables, instruction, output, err)
 	}
diff --git a/internal/firewall/iptables/iptables.go b/internal/firewall/iptables/iptables.go
index d3671e5c..4a42e9a7 100644
--- a/internal/firewall/iptables/iptables.go
+++ b/internal/firewall/iptables/iptables.go
@@ -92,6 +92,9 @@ func (c *Config) runIptablesInstructionNoSave(ctx context.Context, instruction s
 	cmd := exec.CommandContext(ctx, c.ipTables, flags...) // #nosec G204
 	c.logger.Debug(cmd.String())
 	if output, err := c.runner.Run(cmd); err != nil {
+		if strings.Contains(output, "missing kernel module") {
+			err = ErrKernelModuleMissing
+		}
 		return fmt.Errorf("command failed: \"%s %s\": %s: %w",
 			c.ipTables, instruction, output, err)
 	}