[pkg-netfilter-team] Bug#913877: iptables 1.8.2: ERROR when adding REJECT target to custom chains
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 16 10:20:02 GMT 2018
Followup experiments isolating the custom sub-chain are showing even
worse behaviour from the new iptables (-nft flavour).
These commands:
    iptables -N test-foo
    iptables -I test-foo 1 -s 127.0.0.1 -j REJECT
produce this output:
    iptables v1.8.2 (nf_tables): RULE_INSERT failed (Invalid argument):
    rule in chain test-foo
And this absurd syslog message:
    x_tables: ip_tables: REJECT target: used from hooks FORWARD, but only
    usable from INPUT/FORWARD/OUTPUT
For anyone else encountering issues from the new packages, these commands:
    update-alternatives --config iptables
    update-alternatives --config ip6tables
to manually override the automatic package default with the '-legacy'
flavour are required to restore proper behaviour.
AYJ