[Bug 1298] New: Issue with REJECT in custom chains

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Fri Nov 16 11:02:52 CET 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1298

            Bug ID: 1298
           Summary: Issue with REJECT in custom chains
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: arturo at debian.org

Original bug report: https://bugs.debian.org/913877

=== 8< ===

Since upgrading iptables to the 1.8.2 version, it has been completely
unable to do that vital task due to problems within nftables / iptables.

The example that I am facing right now is with active and large DoS
email spam attacks. When fail2ban attempts to add the firewall
blocks, such as:

 iptables -w -I f2b-postfix-sasl 1 -s 80.82.70.189 \
  -j REJECT --reject-with icmp-port-unreachable


iptables produces an error:

 iptables v1.8.2 (nf_tables):  RULE_INSERT failed (Invalid argument):
rule in chain f2b-postfix-sasl

The system log matching that iptables update attempt states:

 x_tables: ip_tables: REJECT target: used from hooks
FORWARD/OUTPUT/POSTROUTING, but only usable from INPUT/FORWARD/OUTPUT
=== 8< ===
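The kernel message quoted above comes from x_tables' target validation: xt_REJECT declares the hooks it may be used from (INPUT, FORWARD and OUTPUT), and xt_check_target() refuses the rule with EINVAL when the hook mask computed for the chain holding the target contains anything else. The C program below is an added example written for this page, not kernel, iptables or fail2ban code. It models that check together with the reachability computation behind a user chain's hook mask. Only the chain name f2b-postfix-sasl comes from the report; the other chain names and the jumps are constructed, and the failing ruleset is hypothetical (in the filter table all three base hooks allow REJECT, so it exercises the check rather than reproducing the reporter's setup). Feeding the program the hook mask from the reported log reproduces the quoted diagnostic; why iptables 1.8.2 over nf_tables arrived at FORWARD/OUTPUT/POSTROUTING for a fail2ban chain is not established on this page.

```c
/* Model of the x_tables target hook-mask check that produced the reported log line.
 * Added example for this bug page; not kernel, iptables or fail2ban code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hook numbers as in the kernel's enum nf_inet_hooks (linux/netfilter.h). */
enum { NF_INET_PRE_ROUTING, NF_INET_LOCAL_IN, NF_INET_FORWARD,
       NF_INET_LOCAL_OUT, NF_INET_POST_ROUTING, NF_INET_NUMHOOKS };

/* Hooks from which the REJECT target declares itself usable (ipt_REJECT.c). */
#define REJECT_HOOKS ((1u << NF_INET_LOCAL_IN) | (1u << NF_INET_FORWARD) | (1u << NF_INET_LOCAL_OUT))

static const char *const hook_names[NF_INET_NUMHOOKS] = {
    "PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING" };

/* Render a hook mask the way the kernel's textify_hooks() does, e.g. "INPUT/FORWARD/OUTPUT". */
static char *textify_hooks(char *buf, size_t size, unsigned int mask)
{
    char *p = buf;
    *p = '\0';
    for (int i = 0; i < NF_INET_NUMHOOKS && mask; i++) {
        if (!(mask & (1u << i)))
            continue;
        int n = snprintf(p, size, "%s%s", p != buf ? "/" : "", hook_names[i]);
        if (n < 0 || (size_t)n >= size)
            break;
        p += n;
        size -= (size_t)n;
        mask &= ~(1u << i);
    }
    return buf;
}

/* Mirrors the check in xt_check_target(): a target may only be used from hooks it allows.
 * On failure `diag` receives the kernel's diagnostic (without the "x_tables: " log prefix)
 * and -EINVAL is returned, which iptables reports as "Invalid argument". */
static int check_target_hooks(const char *target, unsigned int hook_mask,
                              unsigned int allowed, char *diag, size_t size)
{
    if (allowed && (hook_mask & ~allowed)) {
        char used[64], allow[64];
        snprintf(diag, size, "ip_tables: %s target: used from hooks %s, but only usable from %s",
                 target, textify_hooks(used, sizeof used, hook_mask),
                 textify_hooks(allow, sizeof allow, allowed));
        return -EINVAL;
    }
    diag[0] = '\0';
    return 0;
}

/* Minimal ruleset model: an edge records that some rule in chain `from` jumps to chain `to`. */
struct jump { const char *from, *to; };

/* A base chain is named after its hook; user chains (like f2b-postfix-sasl) have none. */
static int base_hook(const char *chain)
{
    for (int i = 0; i < NF_INET_NUMHOOKS; i++)
        if (strcmp(chain, hook_names[i]) == 0)
            return i;
    return -1;
}

/* Hook mask of `chain`: every base hook from which it is reachable through jumps.
 * The depth guard only protects this toy model; the kernel rejects looping rulesets outright. */
static unsigned int chain_hook_mask_d(const char *chain, const struct jump *jumps, size_t n, int depth)
{
    int h = base_hook(chain);
    if (h >= 0)
        return 1u << h;
    if (depth > 32)
        return 0;
    unsigned int mask = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(jumps[i].to, chain) == 0)
            mask |= chain_hook_mask_d(jumps[i].from, jumps, n, depth + 1);
    return mask;
}

static unsigned int chain_hook_mask(const char *chain, const struct jump *jumps, size_t n)
{
    return chain_hook_mask_d(chain, jumps, n, 0);
}

/* Validate inserting "-j REJECT" into `chain` under the given ruleset. */
static int validate_reject(const char *chain, const struct jump *jumps, size_t n, char *diag, size_t size)
{
    return check_target_hooks("REJECT", chain_hook_mask(chain, jumps, n), REJECT_HOOKS, diag, size);
}

int main(void)
{
    char diag[256];
    /* Constructed ruleset 1: the usual fail2ban layout, INPUT jumps to the ban chain. */
    const struct jump ok[] = { { "INPUT", "f2b-postfix-sasl" } };
    printf("INPUT-only chain: rc=%d\n", validate_reject("f2b-postfix-sasl", ok, 1, diag, sizeof diag));
    /* Constructed ruleset 2 (hypothetical): the same chain also reached via POSTROUTING. */
    const struct jump bad[] = { { "INPUT", "f2b-postfix-sasl" }, { "POSTROUTING", "shared" },
                                { "shared", "f2b-postfix-sasl" } };
    printf("shared chain: rc=%d %s\n", validate_reject("f2b-postfix-sasl", bad, 3, diag, sizeof diag), diag);
    /* The mask the reported log line corresponds to: FORWARD|OUTPUT|POSTROUTING = 0x1c. */
    printf("reported mask: rc=%d %s\n", check_target_hooks("REJECT", 0x1cu, REJECT_HOOKS, diag, sizeof diag), diag);
    return 0;
}
```

The useful diagnostic step is the first half of this model: a chain only fails the check when the hooks it is reachable from exceed INPUT, FORWARD and OUTPUT, so the hook set the kernel names in the log is the thing to compare against the chains that actually jump to f2b-postfix-sasl.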
