It turns out that v0.9.0 of nftables userspace does not have tproxy
support at all and the errors are just misleading.
The support was committed in
2be1d52644cf 2018-08-03 12:17:31 +0200 src: Add tproxy support
but the release is:
cd21a243162a (tag: v0.9.0) 2018-06-08 14:46:00 +0200
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1310
On Wed, Dec 19, 2018 at 06:05:10PM +0100, Arturo Borrero Gonzalez wrote:
> On 12/19/18 5:57 PM, Michał Mirosław wrote:
> > Package: nftables
> > Version: 0.9.0-2
> > Severity: normal
> >
> > --- Please enter the report below this line. ---
> >
> > # nft add rule inet filter divert 'ip6 daddr ::/0
On Wed, Dec 19, 2018 at 06:05:10PM +0100, Arturo Borrero Gonzalez wrote:
> On 12/19/18 5:57 PM, Michał Mirosław wrote:
> > Package: nftables
> > Version: 0.9.0-2
> > Severity: normal
> >
> > --- Please enter the report below this line. ---
> >
> > # nft add rule inet filter divert 'ip6 daddr ::/0
On 12/19/18 5:57 PM, Michał Mirosław wrote:
> Package: nftables
> Version: 0.9.0-2
> Severity: normal
>
> --- Please enter the report below this line. ---
>
> # nft add rule inet filter divert 'ip6 daddr ::/0 meta l4proto tcp tproxy to
> :2000 meta mark set 1 accept'
> Error: syntax error, unexp
Package: nftables
Version: 0.9.0-2
Severity: normal
--- Please enter the report below this line. ---
# nft add rule inet filter divert 'ip6 daddr ::/0 meta l4proto tcp tproxy to
:2000 meta mark set 1 accept'
Error: syntax error, unexpected to
add rule inet filter divert ip6 daddr ::/0 meta l4pro
6 matches
Mail list logo
