On Sat, Dec 12, 2015 at 02:06:55PM -0200, Dâniel Fraga wrote:
> I tried this:
>
> iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
>
> And I got the same error:
>
> iptables: Protocol wrong type for socket.
There is some problem with the revision infrastructure.
iptables is asking for a match revision that is not available in the
kernel. So the negotiation between userspace and kernel to use a given
version of this match is failing for some reason.
Could you apply this patch and tell me what it shows when you run this
command and the one using -m state?
BTW, any particularly on your setup that is worth mention?
Thanks.
diff --git a/libxtables/xtables.c b/libxtables/xtables.c
index f14d503..d0e942c 100644
--- a/libxtables/xtables.c
+++ b/libxtables/xtables.c
@@ -825,6 +825,8 @@ int xtables_compatible_revision(const char *name, uint8_t revision, int opt)
static int compatible_match_revision(const char *name, uint8_t revision)
{
+ printf("compatible_match_revision name=%s revision=%u\n",
+ name, revision);
return xt_params->compat_rev(name, revision, afinfo->so_rev_match);
}
