Robert <robert.smith51@xxxxxxxxxxxxxx> wrote:
> I have recently encountered the issue described in the aforementioned
> Bugzilla issue (#1659) as, among others, Debian 12 ships the affected
> iptables v1.8.9. This can trip up a number of other applications that
> rely on the iptables command, including the Docker daemon, preventing
> it from creating correct FW rules if any nftables "meta" rules are
> present during startup.
>
> After some bisecting, I was able to determine that this issue was
> introduced by commit 66806feef085c0504966c484f687bdf7b09510e3
> ("nft: Fix meta statement parsing"). Reverting the commit in question
> resolves the issue, and no further errors are produced by builds of
> the 1.8.9 version.

No, the old version doesn't work either; it will ignore/suppress the
nft mark rule.

You cannot mix nftables and iptables-nft on the same table.