[Bug 1186] New: ip6tables-restore not passing useful error messages from ip6tables
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Sun Oct 1 01:17:06 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1186
Bug ID: 1186
Summary: ip6tables-restore not passing useful error messages
from ip6tables
Product: iptables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: enhancement
Priority: P5
Component: unknown
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: jasonhendry1987 at gmail.com
Hi,
I am using ip6tables-restore v1.6.0 (ubuntu 16.04 pkg from official repos).
When generating an IPv6 firewall with an option not supported by IPv6
ip6tables-restore gives this error: (line 76 is the last line in the file with
the COMMIT statement):
ip6tables-restore: line 76 failed
After debugging the rules manually I found the issue:
ip6tables -A DROP_BROADCAST_AND_MCAST --match state --state NEW --match
addrtype --dst-type BROADCAST --jump DROP
ip6tables: Invalid argument. Run `dmesg' for more information.
Running dmesg gives me:
[636716.526815] xt_addrtype: ipv6 does not support BROADCAST matching
If ip6tables-restore could pass the error from ip6tables that would be useful.
I have not tested if this happens with iptables-restore
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170930/971b01be/attachment.html>
More information about the netfilter-buglog
mailing list