Hello
On Mon, Dec 10, 2018 at 06:46:11PM +0100, Nico Haase wrote:
Hi there,
I wanted to check if there are some news. Through removing the saved
rules files, the update has succeeded. But still, I think that this is
not solved: after the update went through, I've tried to dump the
rules through the following command:
ip6tables-save > /etc/iptables/rules.v6
This created the following dump:
# Generated by xtables-save v1.8.2 on Mon Dec 10 18:40:39 2018
*filter
:OUTPUT ACCEPT [64:15232]
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [64:15232]
COMMIT
# Completed on Mon Dec 10 18:40:39 2018
Afterwards, I tried to restore the rules that I've just dumped, and
that threw the same message as before:
ip6tables-restore v1.8.2 (nf_tables):
line 3: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT
line 4: CHAIN_UPDATE failed (No such file or directory): chain FORWARD
line 5: CHAIN_UPDATE failed (No such file or directory): chain INPUT
I understand that there might be some things that could work in
another way due to a legacy version, but still: how could saving the
rules with the current version result in a file that the current
version cannot parse?
Is not a parsing problem, the CHAINs do not exists.
You need to check your setup. Check where the ip6*tables* symlinks
points to and make it consistent.
Also remove the legacy rules before applying new rules.
if ip{,6}tables-save and ip{,6}tables-restore dont work in your system,
netfilter-persistent won't work either (is just a wrapper around them to
start the firewall at boot time)
--
IRC: gfa
GPG: 0X44BB1BA79F6C6333