WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

iptables: correct invalid syntax in nat table

Browse Source 
This `[0:]` syntax doesn't seem to be correct. iptables 1.8.10
errors out on encountering it, saying:

invalid policy counters for chain 'PREROUTING'

this seems to be because the check was tightened between 1.8.9
and 1.8.10 to apply even when iptables is not actively restoring
the counters:
https://git.netfilter.org/iptables/commit/?id=4a2b2008fdf4df980433f99a6d8f2003f2005296

I think these are all meant to be 0:0, so let's make them that
and stop iptables choking.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson
2024-04-24 13:00:51 -07:00
parent e7d5a04cf0
commit 8b9778777b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/base/templates/iptables/iptables
View File

@@ -116,8 +116,8 @@ COMMIT
{% if nat_rules %}
*nat
:PREROUTING ACCEPT [0:]
:INPUT ACCEPT [0:]
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]