
rc.local: iptables: No chain/target/match by that name
Closed, Wontfix · Public

Description

Hello.

I've added the following command to /opt/vyatta/etc/config/scripts/vyatta-postconfig-bootup.script:
iptables -I VYATTA_POST_FW_FWD_HOOK -j NETFLOW

After system boot, this command does not apply with this error:
[email protected]:/home/vyos# systemctl status rc-local
● rc-local.service - /etc/rc.local Compatibility

Loaded: loaded (/lib/systemd/system/rc-local.service; static)
Active: failed (Result: exit-code) since Tue 2016-12-13 17:26:41 GMT-3; 15min ago

Dec 13 17:26:40 pc.example.ru rc.local[1734]: iptables: No chain/target/match by that name.
Dec 13 17:26:41 pc.example.ru systemd[1]: rc-local.service: control process exited, code=exited status=1
Dec 13 17:26:41 pc.example.ru systemd[1]: Failed to start /etc/rc.local Compatibility.
Dec 13 17:26:41 pc.example.ru systemd[1]: Unit rc-local.service entered failed state.

If I apply it after boot time, all is good.

[email protected]:/home/vyos# iptables -I VYATTA_POST_FW_FWD_HOOK -j NETFLOW
[email protected]:/home/vyos# iptables-save | grep NETFLOW
-A VYATTA_POST_FW_FWD_HOOK -j NETFLOW
[email protected]:/home/vyos#

Details

Difficulty level
Easy (less than an hour)
Version
VyOS 999.201612010232

Event Timeline

syncer changed the task status from Open to On hold. Oct 13 2018, 10:40 AM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-rc4); removed VyOS 1.2 Crux.
syncer added a subscriber: syncer.

requires testing on latest rolling

Tested on the latest, rc.local is executed before the config is applied, which causes the issue.

-- Logs begin at Fri 2018-11-09 01:59:46 UTC, end at Fri 2018-11-09 02:01:30 UTC. --

Nov 09 02:01:27 latest rc.local[2338]: iptables v1.4.21: Couldn't load target `NETFLOW':No such file or directory

Not sure if the target NETFLOW is supposed to exist or not.
Apparently not. modprobe ipt_NETFLOW fails and is not within the kernel tree.

I gotta investigate if that was in 1.1. The NETFLOW target is a kernel module, which is presently not included in the kernel we use.

syncer edited projects, added Rejected; removed VyOS 1.2 Crux (VyOS 1.2.0-rc7).

this chain does not exist anymore in 1.2
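
Added example, not part of the original thread and not VyOS code: a guarded, idempotent insert for a boot-time script that covers both failures reported above (the chain not existing yet, and the target being unavailable) without putting the unit into a failed state. The function names, the `IPT` override, and the retry count and delay are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names), for use from a boot-time script.
# IPT can be overridden so the logic can be exercised without root.
IPT="${IPT:-iptables}"

# Succeeds if the chain exists in the filter table.
chain_exists() {
    $IPT -S "$1" >/dev/null 2>&1
}

# Succeeds if an identical jump rule is already present (iptables -C).
rule_present() {
    $IPT -C "$1" -j "$2" >/dev/null 2>&1
}

# insert_jump CHAIN TARGET [RETRIES] [DELAY_SECONDS]
# Returns 0 if the rule is in place, 2 if the chain never appeared,
# 3 if iptables refused the insert (for example, the target is not loadable).
insert_jump() {
    chain=$1 target=$2 retries=${3:-10} delay=${4:-3}
    i=0
    # The firewall config may be applied after this script starts: wait for the chain.
    until chain_exists "$chain"; do
        i=$((i + 1))
        [ "$i" -ge "$retries" ] && { echo "skip: chain $chain not found" >&2; return 2; }
        sleep "$delay"
    done
    # Do not stack duplicate rules when the script runs more than once.
    rule_present "$chain" "$target" && return 0
    if ! err=$($IPT -I "$chain" -j "$target" 2>&1); then
        echo "skip: $err" >&2
        return 3
    fi
    return 0
}

# When run with arguments, e.g.  script.sh VYATTA_POST_FW_FWD_HOOK NETFLOW
# log the reason on failure but never fail the calling unit.
if [ "$#" -ge 2 ]; then
    insert_jump "$@" || true
fi
```
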