Don't you need to clear out the nf_tables after making the switch?
Bill
On 7/28/2020 3:22 AM, Walter Hofstädtler wrote:
Matt,
did not help,
Switched to iptables-legacy:
$ update-alternatives --config iptables
1 enter
Restarted Shorewall:
$ shorewall restart -c
But snmp packages are dropped.
nf_ct_snmp: dropping packet: parser failed
Regards
Walter Hofstädtler
-----Original Message-----
From: Matt Darfeuille [mailto:m...@shorewall.org]
Sent: Tuesday, 28 July 2020 08:40
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed
On 7/28/2020 8:28 AM, Bruce Bannerman wrote:
Hi Walter,
when I upgraded to Debian 10, I found that I needed to run the following
command to update my Shorewall config files:
shorewall update
The man page gives an explanation of what the command does.
In addition to the above:
Try to see if switching from the nft back end to ip[6]tables helps
$ update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing
/usr/sbin/iptables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/iptables-nft 20 auto mode
1 /usr/sbin/iptables-legacy 10 manual mode
2 /usr/sbin/iptables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/iptables-legacy to provide
/usr/sbin/iptables (iptables) in manual mode
$ update-alternatives --config ip6tables
There are 2 choices for the alternative ip6tables (providing
/usr/sbin/ip6tables).
Selection Path Priority Status
------------------------------------------------------------
* 0 /usr/sbin/ip6tables-nft 20 auto mode
1 /usr/sbin/ip6tables-legacy 10 manual mode
2 /usr/sbin/ip6tables-nft 20 manual mode
Press <enter> to keep the current choice[*], or type selection number: 1
update-alternatives: using /usr/sbin/ip6tables-legacy to provide
/usr/sbin/ip6tables (ip6tables) in manual mode