sid3windr closed 8 years ago
In the meantime I do understand why it's there - any kernel without nat support for ipv6 will break if the nat table header is included in the iptables-restore file. This feature was introduced in Linux kernel 3.9.
However this means that:
File not loading is not great, as this means none of the specified rules will apply and the box will be wide open over ipv6... :(
I'm not too sure what the right solution is here... Kernel version check?
Uhm, yes, a kernel check based on an (existing) fact could do.
kernelmajversion seems to qualify, I'll see if I can cook up a PR in the next few days.
Not sure why this is there, but there is an if !$is_ipv6 {} block around the NAT table header/footer concat emitter.
Creating rules with table => 'nat' is allowed, however, and this means they end up without a header/footer, causing rules to obviously fail.
Removing the if block fixes things.
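The kernel check discussed in this thread, sketched as an added shell example (not the module's code and not from any participant). The function names and sample rules are hypothetical; it emits a header and COMMIT footer for every table and leaves the nat table out on kernels older than 3.9, so the filter rules still load.

```shell
#!/bin/sh
# Added example; function names and sample rules are hypothetical/constructed.

# Succeeds when kernel release $1 (e.g. "3.10.0-327.el7") is 3.9 or newer,
# the version the thread gives for IPv6 NAT support. Unparseable input
# returns 2, which callers treat as "no NAT support".
kernel_has_ip6_nat() {
    krel=$1
    case $krel in *.*) ;; *) return 2 ;; esac
    kmajor=${krel%%.*}
    krest=${krel#*.}
    kminor=${krest%%[!0-9]*}
    case $kmajor in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$kminor" ] || return 2
    [ "$kmajor" -gt 3 ] || { [ "$kmajor" -eq 3 ] && [ "$kminor" -ge 9 ]; }
}

# Print an ip6tables-restore file for kernel release $1 from filter rules $2
# and nat rules $3 (newline-separated). Every emitted table gets its header
# and COMMIT footer; the nat table is left out on kernels that cannot load
# it, so the filter rules still apply.
build_ip6_restore() {
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    if [ -n "$2" ]; then printf '%s\n' "$2"; fi
    printf 'COMMIT\n'
    [ -n "$3" ] || return 0
    if kernel_has_ip6_nat "$1"; then
        printf '*nat\n:PREROUTING ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
        printf '%s\nCOMMIT\n' "$3"
    else
        echo "kernel $1: no IPv6 nat table, nat rules skipped" >&2
    fi
}

# Constructed sample rules, for illustration only.
SAMPLE_FILTER='-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP'
SAMPLE_NAT='-A POSTROUTING -o eth0 -j MASQUERADE'

# Demo: build the file for the running kernel.
build_ip6_restore "$(uname -r)" "$SAMPLE_FILTER" "$SAMPLE_NAT"
```

The warning goes to stderr, so stdout can be piped to `ip6tables-restore --test` to validate the file before loading it.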