Package: iptables
Version: 1.8.2-4
Hi,
there is a bug in iptables-nft 1.8.2-4 in Debian buster:
# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
# dpkg -s iptables | grep ^Version
Version: 1.8.2-4
# iptables-nft -N FOO
# iptables-nft -A FOO -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP
# iptables-nft -C FOO -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP && echo exists
iptables: Bad rule (does a matching rule exist in that chain?).
# iptables-legacy -N BAR
# iptables-legacy -A BAR -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP
# iptables-legacy -C BAR -m comment --comment "kubernetes firewall for dropping marked packets" -m mark --mark 0x8000 -j DROP && echo exists
exists
We filed the original issue here:
https://github.com/kubernetes/kubernetes/issues/82361#issue-489594945
Best,
Wolfgang
--
Wolfgang Jentner
Department of Computer and Information Science
Chair for Data Analysis and Visualization
University of Konstanz
Box 78
D-78457 Konstanz, Germany
Mail: jent...@dbvis.inf.uni-konstanz.de
Web: https://www.vis.uni-konstanz.de/mitglieder/jentner/
Phone: +49 (0) 7531 88 3941
Fax: +49 (0) 7531 88 3065
Room: C201