Hi.

Please consider picking up

commit 324318f0248c31be8a08984146e7e4dd7cdd091d
Author: Willem de Bruijn <willemb@xxxxxxxxxx>

    netfilter: xtables: zero padding in data_to_user

After this, you will also need to pick

commit 751a9c763849f5859cb69ea44b0430d00672f637
Author: Willem de Bruijn <willemb@xxxxxxxxxx>

    netfilter: xtables: fix build failure from COMPAT_XT_ALIGN outside CONFIG_COMPAT

Both apply cleanly to 4.11. Earlier kernels are not affected.

Without these two patches we fail to delete rules, e.g.

    iptables -A INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT
    iptables -D INPUT -i lo -p icmp --icmp-type 1 -j ACCEPT

2nd command fails to delete the newly added rule.