Modify

Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#17935 closed defect (worksforme)

firewall: Warning: fw3_ipt_rule_append(): Can't find match 'conntrack'

Reported by: anonymous Owned by: developers
Priority: normal Milestone:
Component: packages Version: Trunk
Keywords: Cc:

Description

Hi,
r42620 seems to have broken the firewall.
I began to get messages like this, and could no longer access the internet.

Warning: fw3_ipt_rule_append(): Can't find match 'conntrack'

Reverting to r42610 made everything fine again.
I can provide more info if needed.

Attachments (1)

diffconfig.txt (17.3 KB) - added by anonymous 3 years ago.
diffconfig.sh output

Download all attachments as: .zip

Change History (8)

comment:1 follow-up: Changed 3 years ago by jow

Attach the output of ./scripts/diffconfig.sh please.

Changed 3 years ago by anonymous

diffconfig.sh output

comment:2 in reply to: ↑ 1 Changed 3 years ago by anonymous

Replying to jow:

Attach the output of ./scripts/diffconfig.sh please.

Output attached.
Could this be due to disabled IPv6 support?
Hope it helps.

comment:3 follow-up: Changed 3 years ago by jow

Whats the output of "fw3 -4 print" and "fw3 -6 print" ?

comment:4 in reply to: ↑ 3 Changed 3 years ago by anonymous

Replying to jow:

Whats the output of "fw3 -4 print" and "fw3 -6 print" ?

I'm unable to reproduce the problem anymore.
I built another image after running 'make clean' and all seems fine. Should have done it before opening the ticket and spare the developers.
I think the ticket can be closed.

comment:5 Changed 3 years ago by br101

I have seen the same error and in my case the reason was a missing

CONFIG_PACKAGE_kmod-ipt-conntrack=y

in my seed config. Maybe it is not selected automatically for some reason?

comment:6 Changed 3 years ago by nbd

  • Resolution set to worksforme
  • Status changed from new to closed

comment:7 Changed 2 years ago by timothy.redaelli@…

I confirm the issue, kmod-ipt-conntrack is not enable if I disable CONFIG_IPv6.
I suggest to add +kmod-ipt-conntrack to ipt-nat instead of ipt-nat6 in package/kernel/linux/modules/netfilter.mk

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.