iptables: correct invalid syntax in nat table
This `[0:]` syntax doesn't seem to be correct. iptables 1.8.10 errors out on encountering it, saying:

invalid policy counters for chain 'PREROUTING'

this seems to be because the check was tightened between 1.8.9 and 1.8.10 to apply even when iptables is not actively restoring the counters:

https://git.netfilter.org/iptables/commit/?id=4a2b2008fdf4df980433f99a6d8f2003f2005296

I think these are all meant to be 0:0, so let's make them that and stop iptables choking.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
parent
e7d5a04cf0
commit
8b9778777b
1 changed files with 2 additions and 2 deletions
|
@ -116,8 +116,8 @@ COMMIT
|
|||
|
||||
{% if nat_rules %}
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:]
|
||||
:INPUT ACCEPT [0:]
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
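Review bot: The two corrected policy lines, `:PREROUTING ACCEPT [0:0]` and `:INPUT ACCEPT [0:0]`, only cover the `*nat` block inside `{% if nat_rules %}`, so it is worth checking the rest of this template (the tables before the `COMMIT` context line, which this hunk does not show) and any sibling templates for the same `[0:]` form, since per the commit message iptables 1.8.10 rejects it. Because this block is only rendered when `nat_rules` is set, the malformed counters would only surface on hosts that use NAT; rendering the template both with and without `nat_rules` and passing the output through `iptables-restore --test` would catch this class of error before a host is left without its intended ruleset.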