Hi Gustavo,
thanks for your answer so far!
On 02.12.2018 at 04:45, gustavo panizzo wrote:
> Hello
>
> On Sat, Dec 01, 2018 at 04:27:19PM +0100, Nico Haase wrote:
>> Nov 29 06:42:10 host netfilter-persistent[24163]: run-parts: executing
>> /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
>> Nov 29 06:42:10 host netfilter-persistent[24163]: ip6tables-restore
>> v1.8.2 (nf_tables):
>> Nov 29 06:42:10 host netfilter-persistent[24163]: line 3: CHAIN_UPDATE
>> failed (No such file or directory): chain PREROUTING
>> Nov 29 06:42:10 host netfilter-persistent[24163]: line 4: CHAIN_UPDATE
>> failed (No such file or directory): chain INPUT
>> Nov 29 06:42:10 host netfilter-persistent[24163]: line 5: CHAIN_UPDATE
>> failed (No such file or directory): chain OUTPUT
>> Nov 29 06:42:10 host netfilter-persistent[24163]: line 6: CHAIN_UPDATE
>> failed (No such file or directory): chain POSTROUTING
>> Nov 29 06:42:10 host netfilter-persistent[24163]: run-parts:
>> /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with
>> return code 4
>
> ip6tables-restore fails to load your ip6 rules, /etc/iptables/rules.v6
>
> It looks to me looking at the error that you are mixing iptables and
> nftables, in iptables world PREROUTING/INPUT/OUTPUT/POSTROUTING tables
> *always* exist
>
> show me the output of
>
> # systemctl status nftables

That displays:
Unit nftables.service could not be found.

> # nft list tables

That displays: command not found

> # ip6tables-restore < /etc/iptables/rules.v6

As you already mentioned, this prints the same message as above. And
that is the current content of rules.v6, which I've never edited manually:

# Generated by ip6tables-save v1.6.2 on Wed Oct 24 06:16:46 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Wed Oct 24 06:16:46 2018
# Generated by ip6tables-save v1.6.2 on Wed Oct 24 06:16:46 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Oct 24 06:16:46 2018

>> Nov 29 06:42:10 host systemd[1]: netfilter-persistent.service: Main
>> process exited, code=exited, status=1/FAILURE
>> Nov 29 06:42:10 host systemd[1]: netfilter-persistent.service: Failed
>> with result 'exit-code'.
>> Nov 29 06:42:10 host systemd[1]: Failed to start netfilter persistent
>> configuration.
>> What can I do to make this work? Is it a configuration problem on my
>> server, or a bug in the package?
>
> I think you are mixing nftables and iptables-legacy, please read
> /usr/share/doc/iptables/README.Debian
That might be the case, but I don't have a clue why only the latest
update throws such an error. Up to this version, there were no errors or
warnings mentioned; and if there is a larger incompatibility between
installed packages and new updates, I think there should be a more clear
message logged.
As these rules were dumped there automatically and the file was not
edited by hand, what can I do to make this work again?
Regards
Nico
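
An added example, not part of the original thread: a small Python diagnostic that maps the line numbers in the ip6tables-restore errors back to the quoted rules.v6, showing which table the failing chain declarations belong to and which tool versions saved and restored the file. The function names and the rejoined, shortened log lines are constructed for this illustration.

```python
import re

# Constructed sample input: journal lines and rules.v6 as quoted in the thread, with
# wrapped log lines rejoined, timestamps dropped and the last comment line omitted.
LOG = """\
host netfilter-persistent[24163]: ip6tables-restore v1.8.2 (nf_tables):
host netfilter-persistent[24163]: line 3: CHAIN_UPDATE failed (No such file or directory): chain PREROUTING
host netfilter-persistent[24163]: line 4: CHAIN_UPDATE failed (No such file or directory): chain INPUT
host netfilter-persistent[24163]: line 5: CHAIN_UPDATE failed (No such file or directory): chain OUTPUT
host netfilter-persistent[24163]: line 6: CHAIN_UPDATE failed (No such file or directory): chain POSTROUTING
"""
RULES = """\
# Generated by ip6tables-save v1.6.2 on Wed Oct 24 06:16:46 2018
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Wed Oct 24 06:16:46 2018
# Generated by ip6tables-save v1.6.2 on Wed Oct 24 06:16:46 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def locate(rules, lineno):
    # Return (table, text) for a 1-based line number; "*name" lines switch tables.
    table = None
    for n, text in enumerate(rules.splitlines(), start=1):
        if text.startswith("*"):
            table = text[1:].strip()
        if n == lineno:
            return table, text
    raise ValueError(f"rules file has no line {lineno}")

def diagnose(log, rules):
    """Relate each restore error to the table and chain declaration it hit."""
    restorer = re.search(r"ip6?tables-restore (v[\d.]+) \((\w+)\)", log)
    saver = re.search(r"Generated by ip6?tables-save (v[\d.]+)", rules)
    failures = []
    for m in re.finditer(r"line (\d+): \w+ failed .*?: chain (\S+)", log):
        table, text = locate(rules, int(m.group(1)))
        failures.append((int(m.group(1)), table, m.group(2), text))
    return {"restorer": restorer.groups() if restorer else None,
            "saver": saver.group(1) if saver else None,
            "failures": failures, "tables": sorted({f[1] for f in failures})}

if __name__ == "__main__": print(diagnose(LOG, RULES))
```

On the quoted data, all four errors land on the chain declarations of the `*nat` table, in a file written by ip6tables-save v1.6.2 and read back by ip6tables-restore v1.8.2 (nf_tables).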