Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43306 - [nftables] inet family not allowed for tables (default configuration failing)
Attached to Project:
Arch Linux
Opened by Ma Jiehong (jiehong) - Friday, 02 January 2015, 16:31 GMT
Last edited by Sébastien Luttringer (seblu) - Monday, 05 January 2015, 23:21 GMT
Details

Description:
When installing nftables, the default configuration (/etc/nftables.conf) creates a new table called "filter" for the inet family (IPv4 and IPv6), but loading it fails.

Additional info:
* package version: 1:0.4-1
* default config file: /etc/nftables.conf

First, let's see that the default configuration fails:

Steps to reproduce:
1. Install nftables and libnftnl;
2. Run nft on the default configuration: `nft -f /etc/nftables.conf`;

Here is the output:

    /home/jiehong/firewall.rules:2:1-2: Error: Could not process rule: Invalid argument
    table inet firewall {
    ^^

This does not happen with a table of another family.

On the other hand, it seems that creating a table on the fly with the nft tool works, but does nothing when given a specific family.

Steps to reproduce a working example:
1. run `nft add table dummy`;
2. check that the table has been created by running `nft list tables`.

Now, if you try to create an inet, or even an ip6 table:
1. run `nft add table inet dummy2`;
2. check that the table hasn't been created with `nft list tables`.

Priority is very high, because the default configuration crashes.
Closed by Sébastien Luttringer (seblu)
Monday, 05 January 2015, 23:21 GMT
Reason for closing: Fixed
Additional comments about closing: nftables-1:0.4-2
You could update to linux from [testing].
Any chance to see linux 3.18.1 in [core] soon?
`reject` with something like `reject with icmp type port-unreachable` for linux 3.17.x.
Thank you for the note.
I switched to the syntax suggested by Christian, that works for both <3.18 and 3.18.