[pkg-netfilter-team] Bug#912977: iptables: nftables layer breaks ipsec/policy keyword
Pierre Chifflier
pollux at debian.org
Tue Nov 6 19:38:41 GMT 2018
On Tue, Nov 06, 2018 at 02:02:06PM +0100, Arturo Borrero Gonzalez wrote:
> Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1290
>
> Hopefully next upstream release will contain a fix.
Hi,
Thanks Arturo.
After some more testing, it seems the bug is less severe than it looks:
- the (iptables) rules seem to work; the nft dump just cannot show them (which is a bug, but a less important one). This was tested for the policy module, for OUTPUT.
- the iptables rules can be saved and reloaded as usual
- the produced nft ruleset should not be used (for example to switch to nftables), as it will load without error but without the nft_compat keywords. This would also be a different bug.
I'm still running some more tests, but I think the severity can be lowered.
Regards,
Pierre
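The third point above is the one with security impact: a ruleset that loads cleanly but has silently lost its IPsec policy constraints is an open firewall, not a migrated one. The following is an added pre-migration check, not code from the thread or from the iptables/nftables projects; it compares an `iptables-save` dump against an `nft list ruleset` dump and reports every `-m policy` rule whose chain shows no rule mentioning `policy`. Both dumps are constructed samples, and the assumption that a surviving compat match would render with a `policy` token is a simplification (how nft prints an nft_compat match varies by version), so the check is deliberately conservative.

```python
# Constructed sample of `iptables-save` output (not from the bug report).
IPTABLES_SAVE = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m policy --dir out --pol ipsec -j ACCEPT
-A OUTPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed `nft list ruleset` output: the OUTPUT rule loads, but the policy match is gone.
NFT_RULESET = """\
table ip filter {
    chain OUTPUT {
        type filter hook output priority filter; policy accept;
        counter accept
        tcp dport 22 counter accept
    }
}
"""

def iptables_policy_rules(save_text):
    """Return (chain, rule) for each iptables rule that uses `-m policy`."""
    found = []
    for line in save_text.splitlines():
        if line.startswith("-A ") and " -m policy " in line:
            found.append((line.split()[1], line))
    return found

def nft_chain_rules(ruleset_text, chain):
    """Rule lines of the named chain, minus the hook declaration.
    Assumes chain names are unique across the tables in the dump."""
    rules, inside = [], False
    for line in ruleset_text.splitlines():
        s = line.strip()
        if s.startswith(f"chain {chain} "):
            inside = True
        elif inside and s == "}":
            break
        elif inside and not s.startswith("type "):
            rules.append(s)
    return rules

def unsafe_to_migrate(save_text, ruleset_text):
    """Policy rules whose match is not visible in any rule of the nft chain.
    Coarse on purpose: any rule text containing 'policy' counts as present."""
    missing = []
    for chain, rule in iptables_policy_rules(save_text):
        if not any("policy" in r for r in nft_chain_rules(ruleset_text, chain)):
            missing.append(rule)
    return missing
```

A non-empty result means the nft dump must not be used as the basis for a switch to nftables until the missing matches are accounted for.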