I have many of these in system logs:- [97468.141932] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore. [97468.141937] physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for non-bridged traffic is not supported anymore. So many, it makes it difficult to see anything else. That was until I read this:- http://wiki.xensource.com/xenwiki/XenNetworking#head-602e26cd4a03b992f3938fe1bea03fa0fea0ed8b ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in eth0 ! --physdev-out eth0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match ! --physdev-in eth0 --physdev-out eth0 The messages are certainly repressed, but I still get the occasional, sporadic batch of messages. Can anyone assist me please? Thanks, Jon
2012/3/2 Jonathan Gowar <jon@whiteheat.org.uk>:> I have many of these in system logs:- > > [97468.141932] physdev match: using --physdev-out in the OUTPUT, FORWARD > and POSTROUTING chains for non-bridged traffic is not supported anymore. > [97468.141937] physdev match: using --physdev-out in the OUTPUT, FORWARD > and POSTROUTING chains for non-bridged traffic is not supported anymore.1. Write to the bridge-utils developers asking them to remove those informal messages, since people have quite sufficiently seen them over the last 5 years or so. 2. Even cooler would be them supressing the messages if the rule in question is doing bridged traffic. 3. Or switch to openvswitch. Florian
On Mar 2, 2012 9:36 PM, "Jonathan Gowar" <jon@whiteheat.org.uk> wrote:> > I have many of these in system logs:- > > [97468.141932] physdev match: using --physdev-out in the OUTPUT, FORWARD > and POSTROUTING chains for non-bridged traffic is not supported anymore. > [97468.141937] physdev match: using --physdev-out in the OUTPUT, FORWARD > and POSTROUTING chains for non-bridged traffic is not supported anymore. > > So many, it makes it difficult to see anything else. That was until I > read this:- > >http://wiki.xensource.com/xenwiki/XenNetworking#head-602e26cd4a03b992f3938fe1bea03fa0fea0ed8b> > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV > match --physdev-in eth0 ! --physdev-out eth0 > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV > match ! --physdev-in eth0 --physdev-out eth0 > > The messages are certainly repressed, but I still get the occasional, > sporadic batch of messages. > > Can anyone assist me please? > > Thanks, > Jon > >As the messages declared, you have some messed-up iptables rules. Delete / modify the offending rules. Easiest way : cd ~ iptables-save > myrules vi myrules iptables-restore < myrules then, use your distro''s method to make the changes permanent (i.e., survives reboots) Rgds, _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
On Fri, 2012-03-02 at 22:56 +0700, Pandu Poluan wrote:> As the messages declared, you have some messed-up iptables rules. > Delete / modify the offending rules.I''ve not. With the exception of fail2ban, everything in iptables is default from Xen.
On Mar 2, 2012 11:04 PM, "Jonathan Gowar" <jon@whiteheat.org.uk> wrote:> > On Fri, 2012-03-02 at 22:56 +0700, Pandu Poluan wrote: > > As the messages declared, you have some messed-up iptables rules. > > Delete / modify the offending rules. > > I''ve not. With the exception of fail2ban, everything in iptables is > default from Xen. >I see. You may not be the one who messed it up, but you unfortunately ended up with the broken pieces. The easiest way to fix the "too many deprecation notice" at the moment IMO is to edit the rules yourself. Rgds, _______________________________________________ Xen-users mailing list Xen-users@lists.xen.org http://lists.xen.org/xen-users
On Fri, 2012-03-02 at 23:11 +0700, Pandu Poluan wrote:> > On Mar 2, 2012 11:04 PM, "Jonathan Gowar" <jon@whiteheat.org.uk> > wrote: > > > > On Fri, 2012-03-02 at 22:56 +0700, Pandu Poluan wrote: > > > As the messages declared, you have some messed-up iptables rules. > > > Delete / modify the offending rules. > > > > I''ve not. With the exception of fail2ban, everything in iptables is > > default from Xen. > > > > I see. You may not be the one who messed it up, but you unfortunately > ended up with the broken pieces. The easiest way to fix the "too many > deprecation notice" at the moment IMO is to edit the rules yourself.Shrewd :) I may have stumbled upon the problem. From Xen wiki on bridging I read "For a machine with a single ethernet ...", well I''ve 2 interfaces, with eth1 down, I''d hope the messages will cease. An ntp quickly confirmed at least one process was using eth1, which could very well have been generating that message. Thanks for taking you time to reply. Regards, Jon
On Fri, 2012-03-02 at 15:43 +0100, Florian Heigl wrote:> 2012/3/2 Jonathan Gowar <jon@whiteheat.org.uk>: > > I have many of these in system logs:- > > > > [97468.141932] physdev match: using --physdev-out in the OUTPUT, FORWARD > > and POSTROUTING chains for non-bridged traffic is not supported anymore. > > [97468.141937] physdev match: using --physdev-out in the OUTPUT, FORWARD > > and POSTROUTING chains for non-bridged traffic is not supported anymore. > > 1. Write to the bridge-utils developers asking them to remove those > informal messages, since people have quite sufficiently seen them over > the last 5 years or so. > 2. Even cooler would be them supressing the messages if the rule in > question is doing bridged traffic.bridge-utils wrote: It is a netfilter (not bridging issue), Contact netfilter developers at: netfilter@vger.kernel.org I''ve contacted netfilter@vger.kernel.org and am currently waiting a reply.