Package: iptables
Version: 1.8.11-2
Severity: normal
Dear Maintainer,
* What led up to the situation?
I have a homebrewed "fail2ban" type script that keeps a table of hosts to
ban and regularly cleans it out with a command like:
/sbin/iptables -w -n -v -L -Z bad-guys
* What exactly did you do (or not do) that was effective (or
ineffective)?
I tried running the command and got the error:
iptables v1.8.11 (nf_tables): Illegal option `--numeric' with this command
Try `iptables -h' or 'iptables --help' for more information.
* What was the outcome of this action?
The counters were not zeroed and no output was produced.
* What outcome did you expect instead?
That the counters be zeroed and the listing of the table (with the counters
before zeroing) be printed without adresss resolution.
This is a regression from 1.8.9-2 where the command does what I want:
# /sbin/iptables -w -n -v -L -Z bad-guys
Chain bad-guys (1 references)
pkts bytes target prot opt in out source destination
6 360 DROP 0 -- * * 193.221.16.92 0.0.0.0/0
0 0 DROP 0 -- * * 185.180.141.47 0.0.0.0/0
Zeroing chain `bad-guys'
-- System Information:
Debian Release: 13.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.48+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages iptables depends on:
ii libc6 2.41-12
ii libip4tc2 1.8.11-2
ii libip6tc2 1.8.11-2
ii libmnl0 1.0.5-3
ii libnetfilter-conntrack3 1.1.0-1
ii libnfnetlink0 1.0.2-3
ii libnftnl11 1.2.9-1
ii libxtables12 1.8.11-2
ii netbase 6.5
Versions of packages iptables recommends:
ii nftables 1.1.3-1
Versions of packages iptables suggests:
pn firewalld <none>
ii kmod 34.2-2
-- no debconf information
