Similar failures observed with lxd and ip6tables, reverting a similar
patch fixes the problem. I've narrowed this down to one change each in
these patches which is causing some data for rules to not be copied to
userspace, so iptables/ip6tables cannot find a match. A partial revert
fixes the issues.
** Summary changed:
- iptables regression causing snapd ADT failure
+ iptables/ip6tables regressions in deleting rules
** Changed in: linux (Ubuntu)
Status: Fix Committed => In Progress
--
https://bugs.launchpad.net/bugs/1691752
Title:
iptables/ip6tables regressions in deleting rules
Status in linux package in Ubuntu:
In Progress
Bug description:
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-artful-canonical-kernel-team-ppa/artful/amd64/s/snapd/20170517_171222_5c77c@/log.gz
2017-05-17 17:11:40 Error restoring autopkgtest:ubuntu-17.10-amd64:tests/main/econnreset :
-----
+ echo 'Remove the firewall rule again'
Remove the firewall rule again
++ id -u test
+ iptables -D OUTPUT -m owner --uid-owner 12345 -j REJECT -p tcp --reject-with tcp-reset
iptables: No chain/target/match by that name.
-----
Can be easily reproduced by hand:
$ sudo iptables -I OUTPUT -m owner --uid-owner $(id -u) -j REJECT -p tcp --reject-with tcp-reset
$ sudo iptables -D OUTPUT -m owner --uid-owner $(id -u) -j REJECT -p tcp --reject-with tcp-reset
iptables: No chain/target/match by that name.
The rule is successfully deleted in xenial/zesty.