Under certain circumstances nftables will create configurations that iptables via xtables-nft-multi is unable to read. When this happens, it results in iptables triggering a bug outputting the following error under any invocation (i.e. iptables -L):

free(): double free detected in tcache 2

There is a patch for this bug upstream:

https://git.netfilter.org/iptables/diff/?id=4318961230bce82958df82b57f1796143bf2f421

With that patch, a proper error is emitted:

iptables v1.8.7 (nf_tables): table `filter' is incompatible, use 'nft' tool.

However, upstream has not yet cut a new tag for this issue. I would recommend carrying this patch locally until 1.8.8 is released upstream.
Thanks for the report!
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30b1ce27e3082d81d6c4c5f488c1ec452f01bbab

commit 30b1ce27e3082d81d6c4c5f488c1ec452f01bbab
Author:     Patrick McLean <patrick.mclean@sony.com>
AuthorDate: 2022-01-20 19:11:25 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2022-01-20 19:12:26 +0000

    net-firewall/iptables: revbump upstream double-free (bug #831626)

    Closes: https://bugs.gentoo.org/831626
    Copyright: Sony Interactive Entertainment Inc.
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 .../files/iptables-1.8.7-cache-double-free.patch |  61 +++++++
 net-firewall/iptables/iptables-1.8.7-r1.ebuild   | 183 +++++++++++++++++++++
 2 files changed, 244 insertions(+)