This and the other iptables-1.4.21-r1 are both affected. I have not tested any others. libtool: link: x86_64-pc-linux-gnu-gcc -Wall -Waggregate-return -Wmissing-declarations -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes -Winline -pipe -DALL_INCLUSIVE -DENABLE_IPV4 -DENABLE_IPV6 -pipe -O2 -march=amdfam10 -Wl,-O1 -o .libs/xtables-multi xtables_multi-xtables-multi.o xtables_multi-iptables-xml.o xtables_multi-iptables-save.o xtables_multi-iptables-restore.o xtables_multi-iptables-standalone.o xtables_multi-iptables.o xtables_multi-ip6tables-save.o xtables_multi-ip6tables-restore.o xtables_multi-ip6tables-standalone.o xtables_multi-ip6tables.o xtables_multi-xshared.o -Wl,--as-needed ../extensions/libext.a ../libiptc/.libs/libip4tc.so ../extensions/libext4.a ../libiptc/.libs/libip6tc.so ../extensions/libext6.a ../libxtables/.libs/libxtables.so -lm -lpcap ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_open': libxt_connlabel.c:(.text+0x34): undefined reference to `nfct_labelmap_new' ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name': libxt_connlabel.c:(.text+0x92): undefined reference to `nfct_labelmap_get_name' ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_mt_parse': libxt_connlabel.c:(.text+0x1c3): undefined reference to `nfct_labelmap_get_bit' collect2: error: ld returned 1 exit status make[2]: *** [Makefile:416: xtables-multi] Error 1 make[2]: Leaving directory '/var/tmp/portage/net-firewall/iptables-1.4.21-r4/work/iptables-1.4.21/iptables' make[1]: *** [Makefile:356: all-recursive] Error 1 make[1]: Leaving directory '/var/tmp/portage/net-firewall/iptables-1.4.21-r4/work/iptables-1.4.21' make: *** [Makefile:283: all] Error 2 [ebuild r U ] net-firewall/iptables-1.4.21-r4 [1.4.21-r1] USE="conntrack ipv6 netlink pcap%* static-libs*" [ebuild rR ] sys-apps/iproute2-4.4.0 USE="atm berkdb iptables ipv6 -minimal (-selinux)" [ebuild rR ] net-misc/miniupnpd-2.0 USE="ipv6 leasefile -igd2 -pcp-peer -portinuse -strict" [ebuild rR ] app-admin/collectd-5.7.2 USE="contrib filecaps java static-libs udev xfs -debug -perl (-selinux)" COLLECTD_PLUGINS="aggregation amqp apache apcups ascent battery bind cgroups conntrack contextswitch cpu cpufreq cpusleep csv curl curl_json curl_xml dbi df disk dns drbd email entropy ethstat exec fhcount filecount fscache gmond hddtemp interface ipc ipmi iptables ipvs irq load log_logstash logfile lua lvm madwifi match_empty_counter match_hashed match_regex match_timediff match_value mbmon md memcached memory modbus multimeter mysql netlink network nfs nginx notify_desktop notify_email ntpd numa nut olsrd onewire openldap openvpn ping postgresql powerdns processes protocols python redis rrdcached rrdtool sensors serial smart snmp statsd swap syslog table tail tail_csv target_notification target_replace target_scale target_set tcpconns ted thermal threshold turbostat unixsock uptime users uuid varnish virt vmem vserver wireless write_graphite write_http write_kafka write_log write_redis write_sensu write_tsdb xencpu -ceph -chrony -gps -hugepages -java -memcachec -mqtt -notify_nagios -oracle -perl -routeros -sigrok -teamspeak2 -tokyotyrant -write_prometheus -zfs_arc -zookeeper" PYTHON_SINGLE_TARGET="python3_4 -python2_7 -python3_5 -python3_6" PYTHON_TARGETS="python2_7 python3_4 -python3_5 -python3_6" The following packages are causing rebuilds: (net-firewall/iptables-1.4.21-r4:0/10::gentoo, ebuild scheduled for merge) causes rebuilds for: (app-admin/collectd-5.7.2:0/0::gentoo, ebuild scheduled for merge) (sys-apps/iproute2-4.4.0:0/0::gentoo, ebuild scheduled for merge) (net-misc/miniupnpd-2.0:0/0::gentoo, ebuild scheduled for merge)
Created attachment 485238 [details] build.log
Created attachment 485240 [details] emerge --info
iptables-1.6.1-r1 is affected as well. Currently testing a patch...
This is a known bug and was fixed via https://git.netfilter.org/iptables/commit/?id=76e230e41947576efb96e86e605bb84015cdb287. For 1.4.x, this patch must be backported, i.e. like https://raw.githubusercontent.com/Metrological/buildroot/master/package/iptables/iptables-01-fix-static-link.patch Why I haven't added the patch yet: 1) I don't understand why 1.6.x is failing for me with the same error. 2) Once I successfully managed to emerge any 1.4.x ebuild with the patch above, 1.6.x, which was failing before, is now magically fixed on the same box. Removing iptables doesn't bring back the problem... Before I don't understand the problem, I don't want to push a fix.
Understandable, keep up the good work!