On Fri, 06 Dec 2019, Antonio Terceiro wrote:

> Package: ufw
> Version: 0.36-1
> Severity: grave
> Justification: renders package unusable
>
> This started since the latest upgrade of iptables (1.8.4). Reverting to
> 1.8.3 (testing) makes it work again.
>
> This is the contents of the journal for ufw.service:
>
> -- Logs begin at Thu 2019-12-05 14:15:18 -03, end at Fri 2019-12-06 13:45:35 -03. --
> dez 05 14:15:18 lemur ufw-init[455]: Bad argument `DROP'
> dez 05 14:15:18 lemur ufw-init[455]: Error occurred at line: 4
> dez 05 14:15:18 lemur ufw-init[455]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.

I can confirm this. It looks like iptables-restore and iptables6-restore in
1.8.4 have broken -n behavior with the nft varieties. Create some simple policy:

  $ cat /tmp/pol
  *filter
  # builtin chains
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  COMMIT

With 1.8.2-4 on buster:

  $ cat /tmp/pol | sudo /usr/sbin/iptables-legacy-restore -n
  $ cat /tmp/pol | sudo /usr/sbin/iptables-nft-restore -n
  $

With 1.8.4-1 on sid:

  $ cat /tmp/pol | sudo /usr/sbin/iptables-legacy-restore -n
  $ cat /tmp/pol | sudo /usr/sbin/iptables-nft-restore -n
  Bad argument `ACCEPT'
  Error occurred at line: 4
  Try `iptables-nft-restore -h' or 'iptables-nft-restore --help' for more information.

-- 
Email: ja...@strandboge.com
IRC: jdstrand
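
A triage check for the failure signature quoted in this thread, as an added example that is not part of the original messages: it groups the iptables-restore error lines found in journal text (as from `journalctl -u ufw`) per process, so a ruleset that failed to load at boot can be alerted on. The sample input is constructed from the three ufw-init lines quoted above plus one unrelated line; the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the ufw-init lines from the report plus one unrelated entry.
SAMPLE_JOURNAL = """\
dez 05 14:15:18 lemur ufw-init[455]: Bad argument `DROP'
dez 05 14:15:18 lemur ufw-init[455]: Error occurred at line: 4
dez 05 14:15:18 lemur ufw-init[455]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
dez 05 14:15:19 lemur sshd[501]: Server listening on 0.0.0.0 port 22.
"""

# Short journal format: "<month> <day> <time> <host> <ident>[<pid>]: <message>"
ENTRY = re.compile(r"^\S+ +\d+ [\d:]+ (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")
BAD_ARG = re.compile(r"Bad argument `([^']*)'")
LINE_NO = re.compile(r"Error occurred at line: (\d+)")
TOOL = re.compile(r"Try `(\S+) -h'")


@dataclass
class RestoreFailure:
    host: str
    unit: str
    pid: int
    bad_argument: str
    line_no: Optional[int] = None   # line of the rules input that was rejected
    tool: Optional[str] = None      # restore binary named in the usage hint


def find_restore_failures(journal_text: str) -> List[RestoreFailure]:
    """Collect one record per 'Bad argument' error, keyed by host/ident/pid."""
    failures: List[RestoreFailure] = []
    current = {}  # (host, ident, pid) -> record still being filled in
    for raw in journal_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        host, ident, pid, msg = m.groups()
        key = (host, ident, pid)
        if (b := BAD_ARG.search(msg)):
            current[key] = RestoreFailure(host, ident, int(pid), b.group(1))
            failures.append(current[key])
        elif key in current:
            # Follow-up lines only count when the same process already failed.
            if (n := LINE_NO.search(msg)):
                current[key].line_no = int(n.group(1))
            elif (t := TOOL.search(msg)):
                current[key].tool = t.group(1)
    return failures
```

Any record returned for the ufw unit means the restore step rejected its input, so the host's rules should be checked before it is treated as filtered.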