Package: iptables Version: 1.8.7-1 Severity: normal Tags: ipv6 X-Debbugs-Cc: t...@tee-jay.org.uk
Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? As root attempting to restore a trivial tables config from a file written by iptables-save over a completely flushed table * What exactly did you do (or not do) that was effective (or ineffective)? Ran the following command: iptables-restore /etc/iptables/rules.v4 * What was the outcome of this action? The following messages were seen on stdout/stderr: iptables-restore v1.8.7 (nf_tables): line 10: CHAIN_ADD failed (Device or resource busy): chain INPUT line 10: CHAIN_UPDATE failed (Device or resource busy): chain INPUT line 10: CHAIN_ADD failed (Device or resource busy): chain FORWARD line 10: CHAIN_UPDATE failed (Device or resource busy): chain FORWARD line 10: CHAIN_ADD failed (Device or resource busy): chain OUTPUT line 10: CHAIN_UPDATE failed (Device or resource busy): chain OUTPUT line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT Tables were not populated with any of the contents of the file. * What outcome did you expect instead? Tables to be populated with the contents of the file. Workaround found while troubleshooting is that when running the same command but with the --verbose flag set the tables are correctly populated with the contents of the file and the following output on stdout/stderr: # Generated by iptables-save v1.8.7 on Fri Mar 4 00:51:20 2022 Flushing chain `INPUT' Flushing chain `FORWARD' Flushing chain `OUTPUT' # Completed on Fri Mar 4 00:51:20 2022 ip6tables-restore behaves in the same way. Using --noflush instead of --verbose also works but with tables not flushed first (this is to be expected). iptables-restore is linked as follows on this system: /usr/sbin/iptables-restore v /etc/alternatives/iptables-restore v /usr/sbin/iptables-nft-restore v xtables-nft-multi *** End of the template - remove these template lines *** -- System Information: Debian Release: 11.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0 (SMP w/1 CPU thread) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages iptables depends on: ii libc6 2.31-13+deb11u2 ii libip4tc2 1.8.7-1 ii libip6tc2 1.8.7-1 ii libmnl0 1.0.4-3 ii libnetfilter-conntrack3 1.0.8-3 ii libnfnetlink0 1.0.1-3+b1 ii libnftnl11 1.1.9-1 ii libxtables12 1.8.7-1 ii netbase 6.3 Versions of packages iptables recommends: pn nftables <none> Versions of packages iptables suggests: pn firewalld <none> ii kmod 28-1 -- no debconf information