Hello On Mon, Dec 10, 2018 at 06:46:11PM +0100, Nico Haase wrote:
Hi there,I wanted to check if there are some news. Through removing the saved rules files, the update has succeeded. But still, I think that this is not solved: after the update went through, I've tried to dump the rules through the following command:ip6tables-save > /etc/iptables/rules.v6 This created the following dump: # Generated by xtables-save v1.8.2 on Mon Dec 10 18:40:39 2018 *filter :OUTPUT ACCEPT [64:15232] :FORWARD ACCEPT [0:0] :INPUT ACCEPT [64:15232] COMMIT # Completed on Mon Dec 10 18:40:39 2018Afterwards, I tried to restore the rules that I've just dumped, and that threw the same message as before:ip6tables-restore v1.8.2 (nf_tables): line 3: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT line 4: CHAIN_UPDATE failed (No such file or directory): chain FORWARD line 5: CHAIN_UPDATE failed (No such file or directory): chain INPUTI understand that there might be some things that could work in another way due to a legacy version, but still: how could saving the rules with the current version result in a file that the current version cannot parse?
Is not a parsing problem, the CHAINs do not exists.
You need to check your setup. Check where the ip6*tables* symlinks
points to and make it consistent.
Also remove the legacy rules before applying new rules.
if ip{,6}tables-save and ip{,6}tables-restore dont work in your system,
netfilter-persistent won't work either (is just a wrapper around them to
start the firewall at boot time)
--
IRC: gfa
GPG: 0X44BB1BA79F6C6333
