On Sat, 12 Dec 2015 13:09:25 +0100 Noel Kuntze <noel@xxxxxxxxxxxxxxxxx> wrote: > - -m state has been deprecated for some time though. > Please try using -m conntrack instead. It offers more > functionality and is not considered deprecated. > Translation of -m state to --m conntrack: > - -m state --state foo,bar -> -m conntrack --ctstate foo,bar I tried this: iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT And I got the same error: iptables: Protocol wrong type for socket. I'm afraid something has changed between 4.3.0 and 4.3.1 kernel and some module isn't loading correctly. Here are the loaded modules: xt_conntrack 3401 0 x_tables 15108 7 xt_comment,ip_tables,xt_tcpudp,xt_conntrack,xt_LOG,iptable_filter,ipt_REJECT nf_conntrack_ftp 6750 0 nf_conntrack 56108 2 xt_conntrack,nf_conntrack_ftp Is there something missing? -- Linux 4.3.2: Blurry Fish Butt http://www.youtube.com/DanielFragaBR http://exchangewar.info Bitcoin: 12H6661yoLDUZaYPdah6urZS5WiXwTAUgL -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
