Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-29 Thread Bill Sun via arch-general
On Tue, May 22, 2018 at 10:43:36AM +0100, Ralph Corderoy wrote:
> https://www.archlinux.org/packages/extra/x86_64/nftables/ says
> Flagged out-of-date on 2018-05-11
> Version 1:0.8.5-1 in testing
> so perhaps that new version would help?
I'm happy to report that after updating to the latest version of linux
kernel and nftables, the problem is resolved.


Regards.


Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-22 Thread Bill Sun via arch-general
On Tue, May 22, 2018 at 08:58:47AM +0200, David Runge wrote:
> Does only the nft command fail, or does it work, when it's in a
> configuration file?

Only the nft command fails, it seems.

I guess I'll wait for the latest in the test repo and see what happens.


Regards.


Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-22 Thread Ralph Corderoy
Hi Bill,

> I just updated one of my computers to 4.16.9. After update, the following
> nft commands will not work:

https://www.archlinux.org/packages/extra/x86_64/nftables/ says
Flagged out-of-date on 2018-05-11
Version 1:0.8.5-1 in testing
so perhaps that new version would help?

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy


Re: [arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-22 Thread David Runge
On 2018-05-21 23:31:57 (-0400), Bill Sun via arch-general wrote:
> I just updated one of my computers to 4.16.9. After update, the following
> nft commands will not work:
> nft add table ip nat <--- this one works without error
> nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
> ^
> This will give me the following error message:
> Could not process rule: Device or resource busy.
> 
> However, the default simple firewall still works. I have another
> computer that is still on 4.16.8, and the example above works; further,
> switching back to an LTS kernel (4.14.41) also works.
Hmm, that's odd. I'm on linux-hardened 4.16.9 atm and my nftables
configuration has a `policy accept;` for said chain, which is working.
Does only the nft command fail, or does it work, when it's in a
configuration file?

Best,
David

-- 
https://sleepmap.de




[arch-general] nftables partially broken after kernel update to 4.16.9

2018-05-21 Thread Bill Sun via arch-general
Hi all,

I just updated one of my computers to 4.16.9. After update, the following
nft commands will not work:
nft add table ip nat <--- this one works without error
nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
^
This will give me the following error message:
Could not process rule: Device or resource busy.

However, the default simple firewall still works. I have another
computer that is still on 4.16.8, and the example above works; further,
switching back to an LTS kernel (4.14.41) also works.


Any help is appreciated. Thanks.