[arch-general] nftables partially broken after kernel update to 4.16.9
Hi all,

I just updated one of my computers to 4.16.9. After update, the following nft commands will not work:

    nft add table ip nat   <--- this one works without error
    nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
    ^ This will give me the following error message:
    Could not process rule: Device or resource busy.

However, the default simple firewall still works. I have another computer that is still on 4.16.8, and the example above works; further, switching back to an LTS kernel (4.14.41) also works.

Any help is appreciated. Thanks.

On 2018-05-21 23:31:57 (-0400), Bill Sun via arch-general wrote:
> I just updated one of my computers to 4.16.9. After update, the following nft commands will not work:
>
>     nft add table ip nat   <--- this one works without error
>     nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
>     ^ This will give me the following error message:
>     Could not process rule: Device or resource busy.
>
> However, the default simple firewall still works. I have another computer that is still on 4.16.8, and the example above works; further, switching back to an LTS kernel (4.14.41) also works.

Hmm, that's odd. I'm on linux-hardened 4.16.9 atm and my nftables configuration has a `policy accept;` for said chain, which is working.

Does only the nft command fail, or does it work, when it's in a configuration file?

Best,
David
--
https://sleepmap.de

On Tue, May 22, 2018 at 08:58:47AM +0200, David Runge wrote:
> Does only the nft command fail, or does it work, when it's in a configuration file?

Only the nft command fails, it seems. I guess I'll wait for the latest in the test repo and see what happens.

Regards.

Hi Bill,

> I just updated one of my computers to 4.16.9. After update, the following nft commands will not work:

https://www.archlinux.org/packages/extra/x86_64/nftables/ says

    Flagged out-of-date on 2018-05-11
    Version 1:0.8.5-1 in testing

so perhaps that new version would help?

--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy

On Tue, May 22, 2018 at 10:43:36AM +0100, Ralph Corderoy wrote:
> https://www.archlinux.org/packages/extra/x86_64/nftables/ says
>
>     Flagged out-of-date on 2018-05-11
>     Version 1:0.8.5-1 in testing
>
> so perhaps that new version would help?

I'm happy to report that after updating to the latest version of linux kernel and nftables, the problem is resolved.

Regards.

Participants (3): Bill Sun, David Runge, Ralph Corderoy