author Pavel Tikhomirov <> 2021-08-04 18:50:57 +0300
committer Florian Westphal <> 2021-08-04 17:56:59 +0200
commit 943fbf3e1850ae1f52f29c2f4f2aca399779b368
tree a77c9e80e59db0187ecd194d0cede5cc25102bfc
parent ef7781eb1437a2d6fd37eb3567c599e3ea682b96

ip6tables: masquerade: use fully-random so that nft can understand the rule

Here is the problem:

    []# nft -v
    nftables v0.9.8 (E.D.S.)
    []# iptables-nft -v
    iptables v1.8.7 (nf_tables): no command specified
    Try `iptables -h' or 'iptables --help' for more information.
    []# nft flush ruleset
    []# ip6tables-nft -t nat -A POSTROUTING -j MASQUERADE --random-full
    []# nft list ruleset
    table ip6 nat {
            chain POSTROUTING {
                    type nat hook postrouting priority srcnat; policy accept;
                    counter packets 0 bytes 0 masquerade random-fully
            }
    }
    []# nft list ruleset > /tmp/ruleset
    []# nft flush ruleset
    []# nft -f /tmp/ruleset
    /tmp/ruleset:4:54-54: Error: syntax error, unexpected newline
                    counter packets 0 bytes 0 masquerade random-fully

That's because nft list ruleset saves "random-fully" which is wrong
format for nft -f, right should be "fully-random".

We face this problem because we run k8s in Virtuozzo container, and k8s
creates those "random-fully" rules by iptables(nft) and then CRIU can't
restore those rules using nft.

Signed-off-by: Pavel Tikhomirov <>
Signed-off-by: Florian Westphal <>

Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
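
A pre-restore check for the failure described in the commit message, as an added example that is not part of this commit or of iptables/nftables: it scans a saved ruleset for the "random-fully" flag in NAT statements, skipping quoted strings and comments, and rewrites it to "fully-random". The function names, the sample ruleset and the list of NAT statement keywords are assumptions made for illustration.

```python
import re

# Constructed sample: the ruleset from the commit message plus one rule whose
# comment string contains the same word and must not be touched.
SAMPLE = """\
table ip6 nat {
  chain POSTROUTING {
    type nat hook postrouting priority srcnat; policy accept;
    counter packets 0 bytes 0 masquerade random-fully
    counter masquerade random-fully comment "random-fully stays in this string"
  }
}
"""

BAD, GOOD = "random-fully", "fully-random"   # listed form vs. form nft -f parses
NAT_STMT = {"masquerade", "snat", "dnat", "redirect"}  # assumption: statements taking NAT flags
# One token per match: a quoted string, a '#' comment, or a bare word.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|#.*|[^\s"#]+')

def find_bad_flags(ruleset_text):
    """Return (line, column) of each bare BAD flag that follows a NAT statement."""
    hits = []
    for line_no, line in enumerate(ruleset_text.splitlines(), 1):
        in_nat = False
        for tok in TOKEN.finditer(line):
            word = tok.group()
            if word[0] in '"#':
                continue                      # never rewrite strings or comments
            if word in NAT_STMT:
                in_nat = True
            elif in_nat:
                # flags may be comma-joined, e.g. "random-fully,persistent"
                for part in re.finditer(r"[^,;]+", word):
                    if part.group() == BAD:
                        hits.append((line_no, tok.start() + part.start() + 1))
    return hits

def fix_ruleset(ruleset_text):
    """Return the ruleset with every reported BAD flag replaced by GOOD."""
    lines = ruleset_text.splitlines(keepends=True)
    for line_no, col in reversed(find_bad_flags(ruleset_text)):
        s = lines[line_no - 1]
        lines[line_no - 1] = s[:col - 1] + GOOD + s[col - 1 + len(BAD):]
    return "".join(lines)

if __name__ == "__main__":
    for line_no, col in find_bad_flags(SAMPLE):
        print(f"line {line_no}, col {col}: {BAD!r} will not load with nft -f")
    print(fix_ruleset(SAMPLE), end="")
```

After rewriting, running nft -c -f on the file checks that it parses without applying it.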