FS#67309 - [firewalld] Creating a direct rule with the log-prefix opt throws iptables-restore error
Attached to Project:
Community Packages
Opened by Erik Nelson (eriknelson) - Friday, 17 July 2020, 16:27 GMT
Last edited by freswa (frederik) - Friday, 17 July 2020, 23:17 GMT
Details
Description:
Creating a direct rule via firewall-cmd with a jump target of LOG and a --log-prefix option throws an error from iptables-restore with "unknown option":

[root@<hostname> ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -p icmp -s 192.168.100.0/24 -j LOG --log-prefix TEST
Error: COMMAND_FAILED: '/usr/bin/iptables-restore -w -n' failed: iptables-restore v1.8.5 (legacy): unknown option "--log-prefix"
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

The same cmd is accepted and works fine in CentOS8. One notable difference is the iptables-restore reported version:

[Arch]
[root@<hostname> ~]# iptables-restore --version
iptables-restore v1.8.5 (legacy)

[CentOS8]
[root@<hostname> ~]# iptables-restore --version
iptables-restore v1.8.4 (nf_tables)

Additional info:
* package version(s)
# pacman -Q | grep -i iptables
iptables 1:1.8.5-2

Steps to reproduce:
Attempt to run the above command, it errors out and fails to be created.
Closed by freswa (frederik)
Friday, 17 July 2020, 23:17 GMT
Reason for closing: Not a bug
Additional comments about closing: "Not sure what changed about my environment, but a reboot resolved this issue."
[root@<hostname> ~]# iptables -A FORWARD -p icmp -j LOG
iptables v1.8.5 (legacy): Couldn't load target `LOG':No such file or directory
Is this expected?
[root@<hostname> ~]# lsmod | grep nf_log
nf_log_ipv6 16384 0
nf_log_ipv4 16384 0
nf_log_common 16384 2 nf_log_ipv4,nf_log_ipv6