Bug 412441 - [RFE] iptables to report meaningful error messages
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: iptables
All Linux
low Severity medium
: rc
: ---
Assigned To: iptables-maint-list
: FutureFeature
Depends On: 205268
Reported: 2007-12-05 12:18 EST by Daniel Riek
Modified: 2010-02-24 13:11 EST

Doc Type: Enhancement
: 508895
Last Closed: 2010-02-24 13:11:46 EST

Comment 1 Karel Volný 2009-06-26 05:31:08 EDT
I've just come across this too (iptables-1.3.5-5.3.el5) ...

I wanted to do

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

but being somnambulist, I've written instead:

# iptables -t nat -A OUTPUT -o eth0 -j MASQUERADE

and got the response:

iptables: Unknown error 18446744073709551615

Googling for it revealed that there is a very wide variety of causes that may lead to this message, making it totally useless ... so *please* do something about that
Comment 4 Thomas Woerner 2009-09-17 03:46:15 EDT
The latest iptables version (1.4.4) prints another error message:

# iptables -t nat -A OUTPUT -o eth0 -j MASQUERADE
iptables: Invalid argument. Run `dmesg' for more information.

# dmesg | tail -1
ip_tables: MASQUERADE target: used from hooks OUTPUT, but only usable from POSTROUTING

What do you think about this?
Comment 5 Thomas Woerner 2009-09-17 06:40:05 EDT
Same with freshly landed iptables-1.4.5.
Comment 6 Phil Knirsch 2009-09-22 05:30:52 EDT
As Thomas already mentioned, especially in comment #4, the issue here is that the iptables upstream developers seem to have decided to virtually remove all kernel-related error handling/parsing and, in case something goes wrong with the sysctl() call, just tell you to use dmesg.

As long as upstream iptables development doesn't include at least basic error messages again for the common kernel modules and error cases, I don't see how we can sanely implement and support that for a long time ourselves.

Putting this bug therefore in Cond NAK Upstream for now.

Thanks & regards, Phil
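
The dmesg lookup from comment 4 can be scripted so that a failed rule insert reports the offending target and the hooks it is valid from. This is an added example, not part of the bug report or of iptables; the function names are hypothetical and it assumes the kernel log format quoted in comment 4.

```sh
#!/bin/sh
# Constructed sample log: the kernel line quoted in comment 4, surrounded by
# unrelated noise so the filter has something to skip.
SAMPLE_LOG='eth0: link up
ip_tables: MASQUERADE target: used from hooks OUTPUT, but only usable from POSTROUTING
usb 1-1: new device'

# Read a kernel log on stdin and print the most recent "used from hooks"
# complaint, with an optional "[ 123.456] " dmesg timestamp stripped.
last_hook_error() {
    sed -n -e 's/^\[ *[0-9.]*] *//' \
           -e '/_tables: .* used from hooks .*, but only usable from /p' |
        tail -n 1
}

# Rewrite one such kernel line ($1) as a direct message; prints nothing
# if the line is not a hook complaint.
explain_hook_error() {
    printf '%s\n' "$1" | sed -n \
        's/^.*_tables: \([^ ]*\) \([a-z]*\): used from hooks \([^,]*\), but only usable from \(.*\)$/\1 \2 cannot be used from \3; valid hooks: \4/p'
}

# Hypothetical wrapper: run iptables and, on failure, append the kernel's
# explanation. Assumes dmesg is readable by the caller. The kernel log is not
# tied to a specific command, so a stale line from an earlier failure can be
# reported; treat the hint as advisory.
iptables_explained() {
    iptables "$@" && return 0
    rc=$?
    hint=$(explain_hook_error "$(dmesg | last_hook_error)")
    [ -n "$hint" ] && echo "iptables: $hint" >&2
    return "$rc"
}

# Demo on the constructed log (needs neither root nor iptables).
explain_hook_error "$(printf '%s\n' "$SAMPLE_LOG" | last_hook_error)"
```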
