On Tue, 9 Oct 2018 at 16:39, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Pedretti Fabio <pedretti.fabio@xxxxxxxxx> wrote:
> > Hi, I tried iptables 1.8 with the new nf_tables back-end using the
> > Debian 1.8.0-1~exp1 package with my firewall script.
> >
> > It seems to properly load most rules, however I am getting an error
> > when negating an interface and using protocol ports, which works fine
> > with classic iptables.
> >
> > Specifically these work OK:
> > # iptables -A INPUT ! -i eth0 -p udp -j ACCEPT
> > # iptables -A INPUT -i eth0 -p udp --dport 5202 -j ACCEPT
> >
> > But when using an interface negation with --sport or --dport it
> > reports an error, here is an example:
> > # iptables -A INPUT ! -i eth0 -p udp --dport 5202 -j ACCEPT
> > iptables v1.8.0 (nf_tables): RULE_APPEND failed (Invalid argument): rule in chain INPUT
>
> Thanks for reporting, I think we should make a 1.81 release soon,
> this bug is fixed in iptables.git already.
>
> I'll prepare this, if there are objections please let me know.

I verified that, when building iptables from git, this issue is fixed.
It would be nice to have a release soon, so that the fix gets into
Linux distros (e.g. Debian).

Thanks.