python-iptables
Empty rule list returned on Rocky8
Hello
I am testing iptc on Rocky8. It seems the chain rules list is always empty:
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.10.11 0.0.0.0/0 tcp dpt:22
...
# python3.8
Python 3.8.12 (default, May 10 2022, 23:46:40)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-10)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import iptc
>>> t=iptc.Table(iptc.Table.FILTER)
>>> c=iptc.Chain(t, 'INPUT')
>>> c.rules
[]
Any help is greatly appreciated. Thanks
I'm having the same problem on Debian 11 (Bullseye). @arshad01 did you find any solution?
I too have hit the same issue. Note that I have to run with:
# XTABLES_LIBDIR=/lib64/xtables python3
Python 3.6.8 (default, Nov 8 2022, 11:32:15)
[GCC 8.5.0 20210514 (Red Hat 8.5.0-15)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import iptc
>>> iptc.easy.dump_table('filter')
{'INPUT': [], 'FORWARD': [], 'OUTPUT': []}
>>>
# iptables --version
iptables v1.8.4 (nf_tables)
# uname -a
Linux server 4.18.0-425.3.1.el8.x86_64 #1 SMP Wed Nov 9 20:13:27 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
Rocky Linux release 8.7 (Green Obsidian)
Is the problem because iptables is now based on nf_tables, instead of being the legacy variant? https://developers.redhat.com/blog/2020/08/18/iptables-the-two-variants-and-their-relationship-with-nftables#two_variants_of_the_iptables_command
I can confirm that I can see the iptables rules (and their counters) with: nft list ruleset.
I believe in newer distributions you need to use the iptables-legacy suite of tools instead of the default iptables which is built with nf_tables.
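Added example, not part of the thread or of python-iptables: a cross-check for firewall audit scripts that flags chains where the CLI shows rules but an iptc dump is empty, the symptom reported above. The function names are hypothetical, the sample inputs are constructed from the outputs quoted in the thread, and the `iptables-save` text is assumed to come from the same host as the iptc dump.

```python
import re

# Constructed sample inputs modelled on the outputs quoted in this thread.
SAMPLE_VERSION = "iptables v1.8.4 (nf_tables)"
SAMPLE_SAVE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.10.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
SAMPLE_IPTC_DUMP = {"INPUT": [], "FORWARD": [], "OUTPUT": []}


def detect_backend(version_output):
    """Return 'nf_tables', 'legacy' or 'unknown' from `iptables --version` text."""
    # iptables 1.8+ appends the variant in parentheses; older builds print none.
    m = re.search(r"\((nf_tables|legacy)\)", version_output)
    return m.group(1) if m else "unknown"


def count_saved_rules(save_output, table="filter"):
    """Count '-A <chain>' rules per chain in one table of iptables-save output."""
    counts, current = {}, None
    for line in save_output.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter
            current = line[1:]
        elif current == table and line.startswith(":"):
            counts.setdefault(line[1:].split()[0], 0)   # chain declaration
        elif current == table and line.startswith("-A "):
            chain = line.split()[1]
            counts[chain] = counts.get(chain, 0) + 1
    return counts


def find_blind_chains(version_output, save_output, iptc_dump, table="filter"):
    """List chains where the CLI shows rules but the iptc dump shows none."""
    saved = count_saved_rules(save_output, table)
    blind = sorted(c for c, n in saved.items() if n and not iptc_dump.get(c))
    return {"backend": detect_backend(version_output), "blind_chains": blind}


if __name__ == "__main__":
    print(find_blind_chains(SAMPLE_VERSION, SAMPLE_SAVE, SAMPLE_IPTC_DUMP))
```

On a live host the three inputs would be the output of `iptables --version`, the output of `iptables-save`, and the result of `iptc.easy.dump_table('filter')`; a non-empty `blind_chains` list means the audit script should not treat the empty iptc result as "no rules".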