Dear Maintainer,
* What led up to the situation?
As root, attempting to restore a trivial tables config from a file written by
iptables-save over a completely flushed table.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Ran the following command:
    iptables-restore /etc/iptables/rules.v4
* What was the outcome of this action?
The following messages were seen on stdout/stderr:
    iptables-restore v1.8.7 (nf_tables):
    line 10: CHAIN_ADD failed (Device or resource busy): chain INPUT
    line 10: CHAIN_UPDATE failed (Device or resource busy): chain INPUT
    line 10: CHAIN_ADD failed (Device or resource busy): chain FORWARD
    line 10: CHAIN_UPDATE failed (Device or resource busy): chain FORWARD
    line 10: CHAIN_ADD failed (Device or resource busy): chain OUTPUT
    line 10: CHAIN_UPDATE failed (Device or resource busy): chain OUTPUT
    line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT
    line 10: RULE_APPEND failed (No such file or directory): rule in chain INPUT
Tables were not populated with any of the contents of the file.
* What outcome did you expect instead?
Tables to be populated with the contents of the file.
A workaround found while troubleshooting is that, when running the same command
but with the --verbose flag set, the tables are correctly populated with the
contents of the file, with the following output on stdout/stderr:
    # Generated by iptables-save v1.8.7 on Fri Mar 4 00:51:20 2022
    Flushing chain `INPUT'
    Flushing chain `FORWARD'
    Flushing chain `OUTPUT'
    # Completed on Fri Mar 4 00:51:20 2022
ip6tables-restore behaves in the same way.
Using --noflush instead of --verbose also works, but with tables not flushed
first (this is to be expected).
iptables-restore is linked as follows on this system:
    /usr/sbin/iptables-restore
    v
    /etc/alternatives/iptables-restore
    v
    /usr/sbin/iptables-nft-restore
    v
    xtables-nft-multi