Re: 2.4.18-pre9: iptables screwed?

From: Stelian Pop (stelian.pop@fr.alcove.com)
Date: Fri Feb 08 2002 - 03:03:42 EST


On Thu, Feb 07, 2002 at 08:24:28PM -0800, H. Peter Anvin wrote:

> I get the following error with iptables on 2.4.18-pre9:
>
> sudo iptables-restore < /etc/sysconfig/iptables
> iptables-restore: libiptc/libip4tc.c:384: do_check: Assertion
> `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> Abort (core dumped)
>
> However, if I apply the rules manually (using iptables), I have no
> problem; only if I'm using iptables-save or iptables-restore do I get
> a dump...

I have this since the netfilter update from pre6 or pre7...

It seems to be caused by a change in the logic for the mangle table:
the userspace tools check only for PREROUTING and OUTPUT chains
(the 1 << 0 | 1 << 3 check), but the kernel code was recently updated
to support more chains in this table (POSTROUTING etc).

So it would seem that we need to have a more recent version of
the userspace tools (CVS maybe, since the latest released version
has the same bug), or the netfilter people should check the
userspace tools version before introducing this kind of
incompatible change.

(BTW, the quick and dirty fix for me was to hand edit
/etc/sysconfig/iptables and remove all references to the mangle table,
since I don't use it).

That being said, IANANG (netfilter guru) :-)

Stelian.

-- 
Stelian Pop <stelian.pop@fr.alcove.com>
|---------------- Free Software Engineer -----------------|
| Alcôve - http://www.alcove.com - Tel: +33 1 49 22 68 00 |
|------------- Alcôve, liberating software ---------------|
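
As an added illustration (not part of the original message or of the iptables source), this C program decodes a `valid_hooks` bitmask into chain names and shows why the strict equality in the quoted assertion rejects a mangle table that reports hooks beyond PREROUTING and OUTPUT. The hook numbers match those in `linux/netfilter_ipv4.h`; the `0x1f` sample mask (all five hooks) is an assumed value, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* IPv4 netfilter hook numbers, redefined locally so this builds without
 * kernel headers (same values as linux/netfilter_ipv4.h). */
enum { NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD,
       NF_IP_LOCAL_OUT, NF_IP_POST_ROUTING, NF_IP_NUMHOOKS };

static const char *const hook_chain[NF_IP_NUMHOOKS] = {
    "PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"
};

/* Mask the quoted assertion expects for mangle: (1 << 0 | 1 << 3). */
#define MANGLE_EXPECTED ((1u << NF_IP_PRE_ROUTING) | (1u << NF_IP_LOCAL_OUT))

/* Write a comma-separated chain list for every set bit; return bit count. */
int describe_hooks(unsigned int valid_hooks, char *buf, size_t len)
{
    int n = 0;
    if (len == 0)
        return 0;
    buf[0] = '\0';
    for (int h = 0; h < NF_IP_NUMHOOKS; h++) {
        if (!(valid_hooks & (1u << h)))
            continue;
        if (n++)
            strncat(buf, ",", len - strlen(buf) - 1);
        strncat(buf, hook_chain[h], len - strlen(buf) - 1);
    }
    return n;
}

/* Strict equality, as in the quoted assertion: any extra hook fails it. */
int strict_check(unsigned int valid_hooks) { return valid_hooks == MANGLE_EXPECTED; }

/* Hooks the kernel reports that the old userspace check did not expect. */
unsigned int unexpected_hooks(unsigned int valid_hooks) { return valid_hooks & ~MANGLE_EXPECTED; }

int main(void)
{
    /* Constructed samples: old two-hook mangle, assumed five-hook mangle. */
    unsigned int samples[] = { 0x09, 0x1f };
    char all[64], extra[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        describe_hooks(samples[i], all, sizeof all);
        describe_hooks(unexpected_hooks(samples[i]), extra, sizeof extra);
        printf("valid_hooks=0x%02x [%s] strict_check=%s unexpected=[%s]\n", samples[i],
               all, strict_check(samples[i]) ? "pass" : "FAIL", extra);
    }
    return 0;
}
```

When a restore aborts like this at boot, the ruleset is not loaded, so it is worth confirming the active rules with `iptables -L` after any kernel or netfilter update.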

This archive was generated by hypermail 2b29 : Fri Feb 15 2002 - 21:00:16 EST