View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017239 | CentOS-8 | iptables | public | 2020-04-10 15:44 | 2020-06-04 02:10 |
Reporter | champtar | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Product Version | 8.1.1911 | ||||
Summary | 0017239: iptables-nft fails to check / delete rules in raw table | ||||
Description |

iptables commands that used to work with iptables 'legacy' now fail with iptables-nft. It works for the filter table, not for the raw table.

```
# yum list installed iptables
iptables.x86_64 1.8.2-16.el8
# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)
```

(I'm using CentOS 8 stream)
Steps To Reproduce |

```
# iptables -t raw -L -n -v
Chain PREROUTING (policy ACCEPT 13123 packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6869 packets, 406K bytes)
 pkts bytes target     prot opt in     out     source               destination

# iptables -w2 -t raw -I OUTPUT -p udp -d 169.254.25.10 --dport 53 -j NOTRACK

# iptables -t raw -L -n -v
Chain PREROUTING (policy ACCEPT 13222 packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6940 packets, 413K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CT         udp  --  *      *       0.0.0.0/0            169.254.25.10        udp dpt:53 NOTRACK

# iptables -w2 -t raw -C OUTPUT -p udp -d 169.254.25.10 --dport 53 -j NOTRACK
iptables: Bad rule (does a matching rule exist in that chain?).

# iptables -w2 -t raw -D OUTPUT -p udp -d 169.254.25.10 --dport 53 -j NOTRACK
iptables: Bad rule (does a matching rule exist in that chain?).

# iptables -t raw -L -n -v
Chain PREROUTING (policy ACCEPT 14251 packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7351 packets, 452K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CT         udp  --  *      *       0.0.0.0/0            169.254.25.10        udp dpt:53 NOTRACK
```
Tags | "system restart" | ||||
This also happens on Debian buster (iptables 1.8.4-3). I'll open a bug upstream | |
Upstream bug: https://bugzilla.netfilter.org/show_bug.cgi?id=1422 | |
Upstream bug is now fixed, just needs to be backported | |
iptables 1.8.5 is now released | |
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-10 15:44 | champtar | New Issue | |
2020-04-10 16:49 | champtar | Note Added: 0036675 | |
2020-04-10 17:01 | champtar | Note Added: 0036676 | |
2020-04-12 10:34 | bushuev.byshyi | Tag Attached: "system restart" | |
2020-04-15 21:37 | champtar | Note Added: 0036697 | |
2020-06-04 02:10 | champtar | Note Added: 0037034 |