Your issue looks like this bug, but I don't know how to fix it: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947689>.
* Bonno Bloksma <b.blok...@tio.nl> [21-02/09=Tue 15:52 +0000]:
> For years I have had a firewall script that sets and/or resets my
> firewall rules. [It starts near] the top with some lines that have
> been there for ever. After upgrading to buster I got an error
> executing this script and I cannot find out why. Using the extra echo
> lines I have been able to pinpoint the error to the iptables -Z line
>
> [...]
> IPTABLES=/usr/sbin/iptables
> echo flush
> # Flush all rules in all chains and then delete all chains
> chains=`cat /proc/net/ip_tables_names 2>/dev/null`
> for i in $chains; do $IPTABLES -t $i -F; done
> for i in $chains; do $IPTABLES -t $i -X; done
> echo counters
> # Reset all counters for default chains
> $IPTABLES -Z
> echo "return traffic"
> [...]
>
> This will produce the following output.
> flush
> counters
> iptables v1.8.2 (nf_tables): RULE_REPLACE failed (Invalid argument): rule in
> chain INPUT
> return traffic
>
> Can anyone tell me why the reset counter line fails
> with a reference to the INPUT chain? There is loads of
> documentation about iptables but nothing about the -Z option.
>
> I have my iptables rules in a separate script that I can test and
> if I ever shut myself out I can simply restart the machine and
> the default / previous ruleset will load and all will be up and
> running again. I'd like to keep that way of setting things up,
> it makes it easy to test a new set of rules and debug typos.