Hide Forgot
Description of problem: [root@zdtm ~]# iptables -w -t filter --protocol tcp -A INPUT --dport 12345 -j DROP [root@zdtm ~]# iptables -w -t filter --protocol tcp -D INPUT --dport 12345 -j DROP iptables: Bad rule (does a matching rule exist in that chain?). [root@zdtm ~]# uname -a Linux zdtm.openvz.org 4.11.3-200.fc25.x86_64 #1 SMP Thu May 25 19:03:07 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux The same set of commands works fine on previous kernels [root@zdtm ~]# iptables -w -t filter --protocol tcp -A INPUT --dport 12345 -j DROP [root@zdtm ~]# iptables -w -t filter --protocol tcp -D INPUT --dport 12345 -j DROP [root@zdtm ~]# uname -a Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. unshare -n 2. iptables -w -t filter --protocol tcp -A INPUT --dport 12345 -j DROP 3. iptables -w -t filter --protocol tcp -D INPUT --dport 12345 -j DROP Actual results: iptables returns the error and non-zero exit code Expected results: iptables exits with 0 without errors Additional info:
[root@zdtm ~]# unshare -n [root@zdtm ~]# iptables -w -t filter --protocol tcp -A INPUT --dport 12345 -j DROP [root@zdtm ~]# iptables -w -t filter --protocol tcp -D INPUT --dport 12345 -j DROP [root@zdtm ~]# echo $? 0 [root@zdtm ~]# uname -a Linux zdtm.openvz.org 4.12.0-0.rc3.git0.2.fc27.x86_64+debug #1 SMP Tue May 30 19:21:19 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
This was fixed with commit 324318f0248c31be8a08984146e7e4dd7cdd091d netfilter: xtables: zero padding in data_to_user I've sent a request to include it in 4.11.y to stable maintainers.
Florian, thank you
kernel-4.11.7-300.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-44d91780a0
kernel-4.11.7-200.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-65f852596f
kernel-4.11.7-100.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbfb70fc1d
kernel-4.11.7-100.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbfb70fc1d
kernel-4.11.7-200.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-65f852596f
kernel-4.11.7-300.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-44d91780a0
kernel-4.11.7-200.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.11.8-100.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4880e0f183
4.11.7 works as expected, thanks.
kernel-4.11.8-100.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4880e0f183
kernel-4.11.8-100.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.11.7-300.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.