nftables compatibility (linux kernel 3.13 +) #14
Comments
|
In the Uninett@be15f6e fork of fwbuilder they added a >=1.4.20 iptable version and then handle som especial cases for the undelying nftables |
When I posted that possible fix at the Sourceforge I didn't knew about the fix applied to the reset iptables on this fork because of a possible deadlock condition. I edited the old script that was giving the errors and set the loop like the one available here https://github.com/sirius/fwbuilder/blob/master/src/res/configlets/linux24/reset_iptables |
|
@carlxvier Does the bug exist in current HEAD (sirius/fwbuilder@2dd4903)? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
"Chain already exists" errors on newer kernels seem to cause connections to drop. A second reload of the ruleset applies it without errors (always).
A possible solution has been added to this thread by cbastos
https://sourceforge.net/p/fwbuilder/discussion/16372/thread/d06b6ae9/
Are there other incompatibilities with nftables?
The text was updated successfully, but these errors were encountered: