
I'm trying to set up a simple firewall with Docker and I wanted to use iptables-restore. I changed the iptables in use to legacy (so it shouldn't use nftables, if I'm right).

The problem is that even a file as simple as:

*filter
:INPUT ACCEPT [0:0]
COMMIT

leads to an error:

 iptables-restore rules1.v4 --test --verbose --noflush
Bad argument `COMMIT'
Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

The INPUT chain obviously exists: iptables -L INPUT

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

I'm using Debian 10.

Brummbaer
  • I just found the solution. It looks like iptables-legacy is somewhat broken on Debian 10. After switching to iptables-nft it works as it should. – Brummbaer Aug 24 '20 at 16:56

1 Answer


I just found the solution. It looks like iptables-legacy is somewhat broken on Debian 10. After switching to iptables-nft it works as it should.

Brummbaer
  • Can you elaborate on what that switching entails? I'm currently trying to figure out the mechanism by which iptables-legacy tables get populated on Debian/Devuan, to perform the switch. – einpoklum Oct 11 '21 at 22:03
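As an added example, not part of the question or the answer above: a POSIX sh script that does the switching the last comment asks about. It uses Debian's update-alternatives entries for the iptables and ip6tables commands (the alternative names and the /usr/sbin/*-nft and /usr/sbin/*-legacy paths are the ones Debian 10's iptables package installs; they are assumed to be present), reports which backend `iptables -V` says is active, and dry-runs a ruleset with `iptables-restore --test` after the switch. The ruleset it writes is a constructed copy of the three-line file from the question.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Inspect which iptables backend Debian 10 currently selects, switch it with
# update-alternatives, then dry-run a ruleset with iptables-restore --test.
# Assumes Debian's alternative names (iptables, ip6tables) and binary paths
# (/usr/sbin/iptables-nft, /usr/sbin/iptables-legacy and the ip6tables pair).
set -eu

# Map the string printed by `iptables -V` to a backend name.
# iptables 1.8 prints e.g. "iptables v1.8.2 (nf_tables)" or "iptables v1.8.2 (legacy)".
backend_from_version() {
  case "$1" in
    *"(nf_tables)"*) echo nft ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# Backend selected by the iptables alternative on this host
# ("unknown" when iptables is not installed at all).
current_backend() {
  backend_from_version "$(iptables -V 2>/dev/null || true)"
}

# Point the iptables and ip6tables alternatives at the requested variant.
# iptables-save and iptables-restore follow automatically: they are slave
# links of the iptables alternative, so no separate call is needed for them.
switch_backend() {
  variant="$1"   # "nft" or "legacy"
  update-alternatives --set iptables  "/usr/sbin/iptables-$variant"
  update-alternatives --set ip6tables "/usr/sbin/ip6tables-$variant"
}

# Parse a ruleset without touching the kernel. Exit status 0 means every line
# was accepted; a syntax problem is reported with its line number, as in the
# question. --test never modifies live tables, so --noflush is irrelevant here.
verify_ruleset() {
  iptables-restore --test < "$1"
}

# Constructed minimal ruleset, identical to the one in the question.
write_sample_ruleset() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# Usage: sh iptables-backend.sh            -> report the active backend
#        sh iptables-backend.sh nft|legacy -> switch, then verify the sample ruleset
case "${1:-}" in
  "")
    echo "current backend: $(current_backend)" ;;
  nft|legacy)
    switch_backend "$1"
    echo "now using: $(current_backend)"
    rules="$(mktemp)"
    write_sample_ruleset "$rules"
    verify_ruleset "$rules" && echo "ruleset parses cleanly under $(current_backend)"
    rm -f "$rules" ;;
  *)
    echo "usage: $0 [nft|legacy]" >&2
    exit 2 ;;
esac
```

Run it as root (update-alternatives and iptables-restore both need it). After switching, list the other backend once, e.g. `iptables-legacy -S` when nft is now active: the kernel evaluates xtables rules and nf_tables rules independently, so a ruleset left behind in the backend you just moved away from still filters traffic without appearing in the active frontend's output.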