On SYS Arm dedi, OVH-provided kernel is missing nf_conntrack_ipv6 module (although ipv4 module is present). This means any iptables tasks using ctstate with IPv6 fail, e.g., allowing related/established traffic on INPUT.
At present, ignore_errors is set for that task, but it's a hacky solution. Check if kernel module is available first, and have some fallback iptables rule?
On SYS Arm dedi, OVH-provided kernel is missing
nf_conntrack_ipv6module (although ipv4 module is present). This means any iptables tasks usingctstatewith IPv6 fail, e.g., allowing related/established traffic on INPUT.At present,
ignore_errorsis set for that task, but it's a hacky solution. Check if kernel module is available first, and have some fallback iptables rule?