Daniel Xu <dxu@xxxxxxxxx> wrote: > > Warning: Extension CONNMARK revision 0 not supported, missing kernel module? > > iptables v1.8.8 (nf_tables): Could not fetch rule set generation id: > > Invalid argument Martin, can you give result of modinfo xt_CONNMARK and modinfo nft_compat? I suspect your kernel lacks nf_tables support. > > iptables v1.8.8 (nf_tables): Could not fetch rule set generation id: > > Invalid argument Probably a kernel without nftables support? > So perhaps iptables/nftables suffered a regression somewhere. I'll take > a closer look tonight / tomorrow morning. Possible but unlikely, all those tests pass for me.
