
Re: iptables -Z option



Your issue looks like this bug, but I don't know how to fix it:
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947689>.

* Bonno Bloksma <b.bloksma@tio.nl> [21-02/09=Tue 15:52 +0000]:
> For years I have had a firewall script that sets and/or resets my
> firewall rules.  [It starts near] the top with some lines that have
> been there for ever.  After upgrading to buster I got an error
> executing this script and I cannot find out why.  Using the extra echo
> lines I have been able to pinpoint the error to the iptables -Z line
>
> [...]
> IPTABLES=/usr/sbin/iptables
> echo flush
> # Flush all rules in all chains and then delete all chains
> chains=`cat /proc/net/ip_tables_names 2>/dev/null`
> for i in $chains; do $IPTABLES -t $i -F; done
> for i in $chains; do $IPTABLES -t $i -X; done
> echo counters
> # Reset all counters for default chains
> $IPTABLES -Z
> echo "return traffic"
> [...]
> 
> This will produce the following output.
> flush
> counters
> iptables v1.8.2 (nf_tables):  RULE_REPLACE failed (Invalid argument): rule in chain INPUT
> return traffic
> 
> Can anyone tell me why the reset counter line fails
> with a reference to the INPUT chain?  There is loads of
> documentation about iptables but nothing about the -Z option.
>
> I have my iptables rules in a separate script that I can test and
> if I ever shut myself out I can simply restart the machine and
> the default / previous ruleset will load and all will be up and
> running again.  I'd like to keep that way of setting things up,
> it makes it easy to test a new set of rules and debug typo's.
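An added example, not code from either poster: a variant of the quoted flush-and-reset sequence that zeroes counters one table at a time and records which table the -Z step failed on, so an error like the RULE_REPLACE one above is attributed to a table instead of being lost between the echo lines. The table list and the IPTABLES path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Zero counters table by table and
# report which tables fail, rather than running a bare "iptables -Z",
# which only touches the default (filter) table and gives no table context.
# IPTABLES defaults to the path used in the quoted script; TABLES is an
# assumed list of the usual tables on a Debian host.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
TABLES="${TABLES:-filter nat mangle raw}"

# Print the backend name shown by "iptables -V", e.g. nf_tables or legacy.
iptables_backend() {
    "$IPTABLES" -V 2>/dev/null | sed -n 's/.*(\(.*\)).*/\1/p'
}

# Flush every chain and delete user-defined chains in each table.
# Stops at the first failure so a half-flushed state is noticed.
flush_all() {
    for t in $TABLES; do
        "$IPTABLES" -t "$t" -F || return 1
        "$IPTABLES" -t "$t" -X || return 1
    done
}

# Zero counters per table. Returns the number of tables where -Z failed
# and leaves their names in ZERO_FAILED for the caller to print.
zero_counters() {
    failed=0
    ZERO_FAILED=""
    for t in $TABLES; do
        if ! "$IPTABLES" -t "$t" -Z 2>/dev/null; then
            failed=$((failed + 1))
            ZERO_FAILED="${ZERO_FAILED:+$ZERO_FAILED }$t"
        fi
    done
    return "$failed"
}

# Usage (as root), replacing the "flush" / "counters" steps of the script:
#   echo "backend: $(iptables_backend)"
#   flush_all || { echo "flush failed" >&2; exit 1; }
#   zero_counters || echo "counter reset failed for: $ZERO_FAILED" >&2
```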

