Control: tags 946282 + moreinfo

Hi Jeff--

On Fri 2019-12-06 11:16:02 -0500, Jeff King wrote:
> Stracing wg-quick shows that it's trying to pass this to
> iptables-restore:
>
> *raw
> -I PREROUTING ! -i wg -d 10.0.1.1 -m addrtype ! --src-type LOCAL -j DROP -m
> comment --comment "wg-quick(8) rule for wg"
>
> COMMIT
> *mangle
> -I POSTROUTING -m mark --mark 51820 -p udp -j CONNMARK --save-mark -m
> comment --comment \"wg-quick(8) rule for wg\"
> -I PREROUTING -p udp -j CONNMARK --restore-mark -m comment --comment
> \"wg-quick(8) rule for wg\"
> COMMIT
>
> Note that blank line before the first COMMIT, which it seems the older
> version of iptables was happy to ignore, but 1.8.4 complains about. So
> possibly this is an iptables bug, but it seems like wireguard could be
> more careful about what it writes.

Thanks for this diagnostic, it's super helpful.

Upstream commit 884b6e36e6af0c6fa5b9467ccc8c2e2e4477bc95 should fix this
empty line problem, if i'm understanding it correctly. That commit is
part of 0.0.20191206, which i've just uploaded to unstable.

Could you try that out and report back if it solves the problem?

thanks,

--dkg
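The blank-line failure discussed in this message, as an added example that is not part of the original mail and is neither wg-quick's code nor the upstream commit: a POSIX shell sketch that assembles iptables-restore input one table at a time and drops empty lines before they reach the payload. The function names are hypothetical, the rule strings are constructed from the quoted strace output, and the stray trailing newline as the source of the blank line is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Constructed sample: the raw-table rule from the quoted output, carrying a
# stray trailing newline (assumed origin of the blank line before COMMIT).
RAW_RULES='-I PREROUTING ! -i wg -d 10.0.1.1 -m addrtype ! --src-type LOCAL -j DROP -m comment --comment "wg-quick(8) rule for wg"
'
MANGLE_RULES='-I POSTROUTING -m mark --mark 51820 -p udp -j CONNMARK --save-mark -m comment --comment "wg-quick(8) rule for wg"
-I PREROUTING -p udp -j CONNMARK --restore-mark -m comment --comment "wg-quick(8) rule for wg"'

# emit_table NAME RULES: print one "*NAME ... COMMIT" section, skipping any
# line of RULES that is empty or whitespace-only.
emit_table() {
    printf '*%s\n' "$1"
    printf '%s\n' "$2" | while IFS= read -r line; do
        case $line in
            *[![:space:]]*) printf '%s\n' "$line" ;;  # keep real rules only
        esac
    done
    printf 'COMMIT\n'
}

# naive_payload: plain string interpolation, which reproduces the blank line.
naive_payload() {
    printf '*raw\n%s\nCOMMIT\n*mangle\n%s\nCOMMIT\n' "$RAW_RULES" "$MANGLE_RULES"
}

# clean_payload: the same rules assembled through emit_table.
clean_payload() {
    emit_table raw "$RAW_RULES"
    emit_table mangle "$MANGLE_RULES"
}

# count_blank_lines PAYLOAD: print the number of blank lines in PAYLOAD.
# grep -c exits non-zero when the count is 0, hence the "|| true".
count_blank_lines() {
    printf '%s\n' "$1" | grep -c '^[[:space:]]*$' || true
}

echo "naive: $(count_blank_lines "$(naive_payload)") blank line(s)"
echo "clean: $(count_blank_lines "$(clean_payload)") blank line(s)"
```

Piping the output of `clean_payload` to `iptables-restore --test` (as root) parses the ruleset without committing it, which is a quick way to confirm a given iptables version accepts the payload.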