bugzilla-daemon at netfilter.org
2017-Sep-30 23:17 UTC
[Bug 1186] New: ip6tables-restore not passing useful error messages from ip6tables
https://bugzilla.netfilter.org/show_bug.cgi?id=1186
Bug ID: 1186
Summary: ip6tables-restore not passing useful error messages
from ip6tables
Product: iptables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: enhancement
Priority: P5
Component: unknown
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: jasonhendry1987 at gmail.com
Hi,
I am using ip6tables-restore v1.6.0 (ubuntu 16.04 pkg from official repos).
When generating an IPv6 firewall with an option not supported by IPv6
ip6tables-restore gives this error: (line 76 is the last line in the file with
the COMMIT statement):
ip6tables-restore: line 76 failed
After debugging the rules manually I found the issue:
ip6tables -A DROP_BROADCAST_AND_MCAST --match state --state NEW --match
addrtype --dst-type BROADCAST --jump DROP
ip6tables: Invalid argument. Run `dmesg' for more information.
Running dmesg gives me:
[636716.526815] xt_addrtype: ipv6 does not support BROADCAST matching
If ip6tables-restore could pass the error from ip6tables that would be useful.
I have not tested if this happens with iptables-restore
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170930/971b01be/attachment.html>
Reasonably Related Threads
- [Bug 812] New: addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache
- [Bug 1751] New: ip6tables-restore doesn't restore counters
- [Bug 812] addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache
- [Bug 1412] New: ip6tables-nft not accepting "icmp" as shorthand for "icmpv6"
- [Bug 812] addrtype with limit-iface-in in ip6tables/nat/PREROUTING messes up the route cache
Wisdom of the Ancients
