[Bug 1147] iptables rule to match a 'set' shows [unsupported revision]

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sun Apr 30 22:35:05 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1147

--- Comment #4 from Willem de Bruijn <willem.j.debruijn at gmail.com> ---
Thanks for the step-by-step instructions.

I am unable to reproduce those steps on an upstream v4.9 or v4.11-rc8 with
ipset 6.32 and iptables 1.6.1 both built from head:

  ./xtables-multi.1.6.1 iptables --version
  iptables v1.6.1
  ./ipset -v
  ipset v6.32, protocol version: 6

  ./ipset create LocalMasq hash:net
  ./ipset add LocalMasq 192.168.2.0/24
  ./ipset add LocalMasq 192.168.10.0/24

  ./xtables-multi.1.6.1 iptables -A POSTROUTING -t nat -m set --match-set myset src -o eth0 -j MASQUERADE
  ./xtables-multi.1.6.1 iptables -t nat -A POSTROUTING -m set --match-set LocalMasq src -o eth0 -j MASQUERADE
  ./xtables-multi.1.6.1 iptables -vxnL -t nat

  ./xtables-multi.1.6.1 iptables -t nat -F
  ./ipset --destroy LocalMasq

  Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
      pkts      bytes target     prot opt in     out     source               destination

  Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
      pkts      bytes target     prot opt in     out     source               destination

  Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
      pkts      bytes target     prot opt in     out     source               destination

  Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
      pkts      bytes target     prot opt in     out     source               destination
         0        0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            match-set myset src
         0        0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            match-set LocalMasq src


We are aware of one issue that would trigger this output: when different
iptables binaries are used on the same machine, such that one binary supports
fewer match revisions than the other and the kernel. I am working on a fix.

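The mixed-binary situation described in the comment above can be checked for on a host. The shell functions below are an added example, not part of the original comment or of the iptables project; the function names are hypothetical, and differing `--version` strings are used as a proxy for differing match-revision support, which is an assumption.

```shell
#!/bin/sh
# Added example: find iptables front-ends in the given directories and
# flag a host where they report different versions.

# Print "version<TAB>path" for each executable named iptables or
# xtables-multi* found directly in the directories given as arguments.
list_iptables_versions() {
    for dir in "$@"; do
        for bin in "$dir"/iptables "$dir"/xtables-multi*; do
            [ -f "$bin" ] && [ -x "$bin" ] || continue
            case "$(basename "$bin")" in
                iptables) out=$("$bin" --version 2>/dev/null) || continue ;;
                *)        out=$("$bin" iptables --version 2>/dev/null) || continue ;;
            esac
            # Output form as in the transcript above: "iptables v1.6.1"
            ver=$(printf '%s\n' "$out" |
                  sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p' | head -n 1)
            if [ -n "$ver" ]; then
                printf '%s\t%s\n' "$ver" "$bin"
            fi
        done
    done
}

# Print how many distinct versions were found.
count_distinct_versions() {
    list_iptables_versions "$@" | cut -f1 | sort -u | wc -l | tr -d ' '
}

# Return 1 and list the binaries on stderr when more than one version exists.
check_iptables_consistency() {
    n=$(count_distinct_versions "$@")
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $n different iptables versions found:" >&2
        list_iptables_versions "$@" >&2
        return 1
    fi
    return 0
}

# Typical call (the directory list is an assumption; adjust per distribution):
#   check_iptables_consistency /sbin /usr/sbin /usr/local/sbin
```

A nonzero return only says the binaries differ in version; whether one of them lacks a 'set' match revision the kernel uses still has to be confirmed by listing the rules with each binary.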