Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

Walter Hofstädtler Tue, 28 Jul 2020 00:24:09 -0700

Matt,

did not help,


Switched to iptables-legacy:  
$ update-alternatives --config iptables 
 1  enter

Restarted Shorewall:
$ shorewall restart -c

But snmp packages are dropped. 
nf_ct_snmp: dropping packet: parser failed


Regards
Walter Hofstädtler



-----Ursprüngliche Nachricht-----
Von: Matt Darfeuille [mailto:m...@shorewall.org] 
Gesendet: Dienstag, 28. Juli 2020 08:40
An: shorewall-users@lists.sourceforge.net
Betreff: Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

On 7/28/2020 8:28 AM, Bruce Bannerman wrote:
> Hi Walter,
> 
> when I upgraded to Debian 10, I found that I needed to run the following 
> command to update my Shorewall config files:
> 
> shorewall update
> 
> The man page gives an explaination of what the command does.
> 

In addition to the above:

Try to see if switching from the nft back end to ip[6]tables helps

$ update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing
/usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide
/usr/sbin/iptables (iptables) in manual mode
$ update-alternatives --config ip6tables
There are 2 choices for the alternative ip6tables (providing
/usr/sbin/ip6tables).

  Selection    Path                        Priority   Status
------------------------------------------------------------
* 0            /usr/sbin/ip6tables-nft      20        auto mode
  1            /usr/sbin/ip6tables-legacy   10        manual mode
  2            /usr/sbin/ip6tables-nft      20        manual mode

Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/ip6tables-legacy to provide
/usr/sbin/ip6tables (ip6tables) in manual mode

-- 
Matt Darfeuille <m...@shorewall.org>
Shorewall Project Committee, one of four core members
https://sourceforge.net/p/shorewall/mailman/message/36596609/
https://shorewall.org


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed

Reply via email to