Aha, I see the patch for the xtables typo, will keep an eye out for that commit. On Fri, Oct 18, 2024 at 1:31 PM Fred Richards <fredr@xxxxxxxxxxxxx> wrote: > > Hello, > I have a homelab with a bunch of rocky vms where I use the elrepo > kernel-ml kernel, noticed this morning an error with the xt_mark > module, saying it doesn't recognize the --xor-mark option ... > > E1018 15:18:11.083644 1 proxier.go:1432] "Failed to execute > iptables-restore" err=< exit status 2: Warning: Extension MARK > revision 0 not supported, missing kernel module? > ip6tables-restore v1.8.8 (nf_tables): unknown option "--xor-mark" > Error occurred at line: 11 Try `ip6tables-restore -h' or > 'ip6tables-restore --help' for more information. > > I think it has to do with this commit but I could be terribly wrong: > > ... > netfilter: xtables: avoid NFPROTO_UNSPEC where needed > [ Upstream commit 0bfcb7b71e735560077a42847f69597ec7dcc326 ] > ... > It's only those two newest kernels with that commit, if I revert back > to the prior version, the application (kube-proxy for kubernetes) > operates correctly.
