Hi,

For years I have had a firewall script that sets and/or resets my firewall 
rules. It starts off near the top with some lines that have been there forever.
After upgrading to buster I got an error executing this script and I cannot 
find out why. Using the extra echo lines I have been able to pinpoint the error 
to the iptables -Z line

[...]
IPTABLES=/usr/sbin/iptables
echo flush
# Flush all rules in all chains and then delete all chains
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do $IPTABLES -t $i -F; done
for i in $chains; do $IPTABLES -t $i -X; done
echo counters
# Reset all counters for default chains
$IPTABLES -Z
echo "return traffic"
[...]

This will produce the following output.
flush
counters
iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in 
chain INPUT
return traffic

Can anyone tell me why the reset counter line fails with a reference to the 
INPUT chain? There is loads of documentation about iptables but nothing about 
the -Z option.
I have my iptables rules in a separate script that I can test and if I ever 
shut myself out I can simply restart the machine and the default / previous 
ruleset will load and all will be up and running again. I'd like to keep that 
way of setting things up, it makes it easy to test a new set of rules and debug 
typos.

Bonno Bloksma
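The following is an added example, not Bonno's script and not part of the original post. It does not say why the bare `-Z` fails; it makes the failure easier to localise. The flush/delete/zero sequence is run table by table (a bare `-Z` acts on the filter table only, while the loop above already walks every loaded table), every iptables call that fails is reported with the exact arguments used, and the backend name is read from `iptables -V` output, which on the 1.8.x series in buster prints `(nf_tables)` or `(legacy)` after the version, the same tag that appears in the error message above. The default `IPTABLES` path, the `--run` flag and the table list handling are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-table flush, delete and zero with explicit error
# reporting, plus backend detection from "iptables -V" output.
# IPTABLES may be pointed at any iptables-compatible binary
# (for instance iptables-legacy); the default path is an assumption.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"

# Map "iptables -V" output to the backend name, e.g.
#   "iptables v1.8.2 (nf_tables)" -> nf_tables
#   "iptables v1.8.2 (legacy)"    -> legacy
# Older releases print no backend tag and yield "unknown".
backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Run one iptables command; on failure print the full command line and
# the exit status to stderr instead of silently continuing.
run_ipt() {
    "$IPTABLES" "$@" && return 0
    status=$?
    echo "FAILED (exit $status): $IPTABLES $*" >&2
    return "$status"
}

# Flush and delete every chain in every table named in $1 (normally the
# contents of /proc/net/ip_tables_names), then zero the counters of that
# table with "-t <table> -Z" rather than a bare "-Z".
# Returns the number of failing commands, so 0 means a clean reset.
reset_tables() {
    failures=0
    for t in $1; do
        run_ipt -t "$t" -F || failures=$((failures + 1))
        run_ipt -t "$t" -X || failures=$((failures + 1))
        run_ipt -t "$t" -Z || failures=$((failures + 1))
    done
    return "$failures"
}

# Only touch the live firewall when explicitly asked to ("--run" is an
# assumed flag of this example), so the functions can be sourced and
# tested against a stub binary without root or a real netfilter.
if [ "${1:-}" = "--run" ]; then
    echo "backend: $(backend_from_version "$("$IPTABLES" -V 2>/dev/null)")"
    reset_tables "$(cat /proc/net/ip_tables_names 2>/dev/null)"
fi
```

Run it as `sh reset-fw.sh --run` from root to reproduce the poster's sequence; the stderr line names the table and operation that failed, which is more to go on than the message the bare `-Z` produced. Setting `IPTABLES=/usr/sbin/iptables-legacy` before the call runs the same steps through the other backend, which tells you whether the failure is tied to the nf_tables backend named in the error or to the ruleset itself.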
