Discussion:
nftables partially broken after kernel update to 4.16.9
Bill Sun via arch-general
2018-05-22 03:31:57 UTC
Hi all,

I just updated one of my computers to 4.16.9. After the update, the following
nft commands will not work:
nft add table ip nat <--- this one works without error
nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
^
This will give me the following error message:
Could not process rule: Device or resource busy.

However, the default simple firewall still works. I have another
computer that is still on 4.16.8, and the example above works; further,
switching back to an LTS kernel (4.14.41) also works.


Any help is appreciated. Thanks.
David Runge
2018-05-22 06:58:47 UTC
Post by Bill Sun via arch-general
> I just updated one of my computers to 4.16.9. After the update, the following
> nft add table ip nat <--- this one works without error
> nft add chain ip nat prerouting { type nat hook prerouting priority 0 \; }
> ^
> Could not process rule: Device or resource busy.
> However, the default simple firewall still works. I have another
> computer that is still on 4.16.8, and the example above works; further,
> switching back to an LTS kernel (4.14.41) also works.
Hmm, that's odd. I'm on linux-hardened 4.16.9 atm and my nftables
configuration has a `policy accept;` for said chain, which is working.
Does only the nft command fail, or does it work, when it's in a
configuration file?

Best,
David
--
https://sleepmap.de
Bill Sun via arch-general
2018-05-22 13:53:59 UTC
Post by David Runge
> Does only the nft command fail, or does it work, when it's in a
> configuration file?
Only the nft command fails, it seems.

I guess I'll wait for the latest in the test repo and see what happens.


Regards.
Ralph Corderoy
2018-05-22 09:43:36 UTC
Hi Bill,
Post by Bill Sun via arch-general
> I just updated one of my computers to 4.16.9. After the update, the following
https://www.archlinux.org/packages/extra/x86_64/nftables/ says
Flagged out-of-date on 2018-05-11
Version 1:0.8.5-1 in testing
so perhaps that new version would help?
--
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy
Bill Sun via arch-general
2018-05-30 05:14:26 UTC
Post by Ralph Corderoy
> https://www.archlinux.org/packages/extra/x86_64/nftables/ says
> Flagged out-of-date on 2018-05-11
> Version 1:0.8.5-1 in testing
> so perhaps that new version would help?
I'm happy to report that after updating to the latest version of linux
kernel and nftables, the problem is resolved.


Regards.
