<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Issue with REJECT in custom chains"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1298">1298</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Issue with REJECT in custom chains
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>Debian GNU/Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>iptables over nftable
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>arturo@debian.org
</td>
</tr></table>
<p>
<div>
<pre>Original bug report: <a href="https://bugs.debian.org/913877">https://bugs.debian.org/913877</a>
=== 8< ===
Since upgrading iptables to the 1.8.2 version it has been completely
unable to do that vital task due to problems within nftables / iptables.
The example that I am facing right now is with active and large DoS
attacks email spam attacks. When fail2ban attempts to add the firewall
blocks, such as;
iptables -w -I f2b-postfix-sasl 1 -s 80.82.70.189 \
-j REJECT --reject-with icmp-port-unreachable
iptables produces an error:
iptables v1.8.2 (nf_tables): RULE_INSERT failed (Invalid argument):
rule in chain f2b-postfix-sasl
the system log matching that iptables update attempt states:
x_tables: ip_tables: REJECT target: used from hooks
FORWARD/OUTPUT/POSTROUTING, but only usable from INPUT/FORWARD/OUTPUT
=== 8< ===</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>