Test Steps from Debian bug, for reference.

- 1. Configure rules files:

cat <<EOF4 >/etc/iptables/rules.v4
# Generated by iptables-save v1.8.7 on Wed Nov 3 20:43:56 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 1.0.0.1/32 -p icmp -j DROP
COMMIT
# Completed on Wed Nov 3 20:43:56 2021
EOF4

cat <<EOF6 >/etc/iptables/rules.v6
# Generated by ip6tables-save v1.8.7 on Wed Nov 3 20:43:56 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 2606:4700:4700::1001/128 -p icmp -j DROP
COMMIT
# Completed on Wed Nov 3 20:43:56 2021
EOF6

- 2. Flush existing rules:

iptables -F
ip6tables -F

- 3. Add rules for 1.1.1.1:

iptables -A INPUT -p icmp -s 1.1.1.1 -j DROP
ip6tables -A INPUT -p icmp -s 2606:4700:4700::1111 -j DROP

- 4. Check rules for 1.1.1.1 are in:

iptables -nL | grep -e 1.1.1.1 -e 1.0.0.1
ip6tables -nL | grep -e 2606:4700:4700::1111 -e 2606:4700:4700::1001

- 5. Start iptables-persistent scripts:

netfilter-persistent start

Default behavior:

- 6. Check rules for 1.0.0.1 are in (rules for 1.1.1.1 are gone)

iptables -nL | grep -e 1.1.1.1 -e 1.0.0.1
ip6tables -nL | grep -e 2606:4700:4700::1111 -e 2606:4700:4700::1001

Optional behavior:

- 7. Enable the new options:

sed -i '/RESTORE_NOFLUSH/ s/^# //' /etc/default/netfilter-persistent

- 8. Repeat steps 2-5

- 9. Check rules for 1.0.0.1 _and_ 1.1.1.1 are in (rules for 1.1.1.1 are kept)

iptables -nL | grep -e 1.1.1.1 -e 1.0.0.1
ip6tables -nL | grep -e 2606:4700:4700::1111 -e 2606:4700:4700::1001

-- 
https://bugs.launchpad.net/bugs/1949643

Title:
  iptables-persistent unconditionally drops existing iptables rules
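
Added example, not part of the bug comment above or of the iptables-persistent package: a pre-flight check that lists the runtime rules a flushing restore (the default behavior in step 6) would discard. It assumes both inputs are iptables-save style dumps, so addresses are already normalized (1.1.1.1/32); the function names are hypothetical and the sample rulesets in demo are constructed from the rules used in the test steps.

```shell
#!/bin/sh
# rules_only FILE: print each "-A" rule as "table<TAB>rule", skipping
# comments, chain policy lines (":INPUT ...") and COMMIT.
rules_only() {
    awk '
        /^\*/  { table = substr($0, 2); next }
        /^-A / { print table "\t" $0 }
    ' "$1"
}

# lost_on_flush RUNNING SAVED: print rules present in RUNNING but absent
# from SAVED, i.e. what is dropped when SAVED is restored with a flush.
lost_on_flush() {
    tmp_saved=$(mktemp) || return 1
    rules_only "$2" > "$tmp_saved"
    rc=0
    # -x whole line, -F fixed string, -v invert: keep rules not in SAVED.
    rules_only "$1" | grep -vxFf "$tmp_saved" || rc=$?
    rm -f "$tmp_saved"
    # grep exits 1 when nothing would be lost; only >1 is a real error.
    [ "$rc" -le 1 ]
}

# demo: constructed sample, state after step 3 versus rules.v4 from step 1.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 1.0.0.1/32 -p icmp -j DROP
COMMIT
EOF
    cat > "$d/running" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 1.1.1.1/32 -p icmp -j DROP
COMMIT
EOF
    lost_on_flush "$d/running" "$d/saved"
    rm -rf "$d"
}

demo
```

On a live host the first argument would be a file written by iptables-save and the second /etc/iptables/rules.v4; empty output means a flushing restore loses nothing.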