Current RHEL8 ip6tables incorrectly prefixes error messages with 'iptables:' instead of 'ip6tables:' as it should (and legacy does).
Upstream fix to backport:
commit 3be40dcfb5af1438b6abdbda45a1e3b59c104e13
Author: Phil Sutter <phil>
Date: Fri Aug 7 13:48:28 2020 +0200
nft: Fix command name in ip6tables error message
Upon errors, ip6tables-nft would prefix its error messages with
'iptables:' instead of 'ip6tables:'. Turns out the command name was
hard-coded, use 'progname' variable instead.
While being at it, merge the two mostly identical fprintf() calls into
one.
Signed-off-by: Phil Sutter <phil>
Acked-by: Pablo Neira Ayuso <pablo>
Related shell test enhancement to cover it:
commit cd3e83d1b04fd2683f0fb06e496ee5be08a96b4f
Author: Phil Sutter <phil>
Date: Thu Aug 6 18:52:34 2020 +0200
tests: shell: Merge and extend return codes test
Merge scripts for iptables and ip6tables, they were widely identical.
Also extend the test by one check (removing a non-existent rule with
valid chain and target) and quote the error messages where differences
are deliberately ignored.
Signed-off-by: Phil Sutter <phil>
Acked-by: Pablo Neira Ayuso <pablo>
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (iptables bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2021:1642
Current RHEL8 ip6tables incorrectly prefixes error messages with 'iptables:' instead of 'ip6tables:' as it should (and legacy does). Upstream fix to backport: commit 3be40dcfb5af1438b6abdbda45a1e3b59c104e13 Author: Phil Sutter <phil> Date: Fri Aug 7 13:48:28 2020 +0200 nft: Fix command name in ip6tables error message Upon errors, ip6tables-nft would prefix its error messages with 'iptables:' instead of 'ip6tables:'. Turns out the command name was hard-coded, use 'progname' variable instead. While being at it, merge the two mostly identical fprintf() calls into one. Signed-off-by: Phil Sutter <phil> Acked-by: Pablo Neira Ayuso <pablo> Related shell test enhancement to cover it: commit cd3e83d1b04fd2683f0fb06e496ee5be08a96b4f Author: Phil Sutter <phil> Date: Thu Aug 6 18:52:34 2020 +0200 tests: shell: Merge and extend return codes test Merge scripts for iptables and ip6tables, they were widely identical. Also extend the test by one check (removing a non-existent rule with valid chain and target) and quote the error messages where differences are deliberately ignored. Signed-off-by: Phil Sutter <phil> Acked-by: Pablo Neira Ayuso <pablo>