Red Hat Bugzilla – Bug 412441
[RFE] iptables to report meaningful error messages
Last modified: 2010-02-24 13:11:46 EST
I've just come across this too (iptables-1.3.5-5.3.el5) ... I wanted to do # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE but being somnambulist, I've written instead: # iptables -t nat -A OUTPUT -o eth0 -j MASQUERADE and got the response: iptables: Unknown error 18446744073709551615 googling for it revealed that there is a very wide variety of causes that may lead to this message, making it totally useless ... so *please* do something about that
The latest iptables version (1.4.4) prints another error message: # iptables -t nat -A OUTPUT -o eth0 -j MASQUERADE iptables: Invalid argument. Run `dmesg' for more information. # dmesg | tail -1 ip_tables: MASQUERADE target: used from hooks OUTPUT, but only usable from POSTROUTING What do you think about this?
Same with fresh landed iptables-1.4.5.
As Thomas already mentioned, especially in comment #4 the issue here is that the iptables upstream developers seem to have decided to virtually remove all kernel related error handling/parsing and in case something goes wrong with the sysctl() call just tell you to use dmesg. As long as upstream iptables development doesn't include at least basic error messages again for the common kernel modules and error cases i don't see how we can sanely implement and support that for a long time ourselves. Putting this bug therefore in Cond NAK Upstream for now. Thanks & regards, Phil