Bill, I hoped that the Shorewall restart would clear the tables.
Regards Walter Hofstädtler -----Ursprüngliche Nachricht----- Von: Bill Shirley [mailto:b...@ultrapoly.polymerindustries.biz] Gesendet: Dienstag, 28. Juli 2020 13:14 An: shorewall-users@lists.sourceforge.net Betreff: Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed Don't you need to clear out the nf_tables after making the switch? Bill On 7/28/2020 3:22 AM, Walter Hofstädtler wrote: > Matt, > > did not help, > > Switched to iptables-legacy: > $ update-alternatives --config iptables > 1 enter > > Restarted Shorewall: > $ shorewall restart -c > > But snmp packages are dropped. > nf_ct_snmp: dropping packet: parser failed > > > Regards > Walter Hofstädtler > > > > -----Ursprüngliche Nachricht----- > Von: Matt Darfeuille [mailto:m...@shorewall.org] > Gesendet: Dienstag, 28. Juli 2020 08:40 > An: shorewall-users@lists.sourceforge.net > Betreff: Re: [Shorewall-users] nf_ct_snmp: dropping packet: parser failed > > On 7/28/2020 8:28 AM, Bruce Bannerman wrote: >> Hi Walter, >> >> when I upgraded to Debian 10, I found that I needed to run the following >> command to update my Shorewall config files: >> >> shorewall update >> >> The man page gives an explaination of what the command does. >> > In addition to the above: > > Try to see if switching from the nft back end to ip[6]tables helps > > $ update-alternatives --config iptables > There are 2 choices for the alternative iptables (providing > /usr/sbin/iptables). > > Selection Path Priority Status > ------------------------------------------------------------ > * 0 /usr/sbin/iptables-nft 20 auto mode > 1 /usr/sbin/iptables-legacy 10 manual mode > 2 /usr/sbin/iptables-nft 20 manual mode > > Press <enter> to keep the current choice[*], or type selection number: 1 > update-alternatives: using /usr/sbin/iptables-legacy to provide > /usr/sbin/iptables (iptables) in manual mode > $ update-alternatives --config ip6tables > There are 2 choices for the alternative ip6tables (providing > /usr/sbin/ip6tables). > > Selection Path Priority Status > ------------------------------------------------------------ > * 0 /usr/sbin/ip6tables-nft 20 auto mode > 1 /usr/sbin/ip6tables-legacy 10 manual mode > 2 /usr/sbin/ip6tables-nft 20 manual mode > > Press <enter> to keep the current choice[*], or type selection number: 1 > update-alternatives: using /usr/sbin/ip6tables-legacy to provide > /usr/sbin/ip6tables (ip6tables) in manual mode > _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
