1 |
Getting an error with kernel 4.1.28 ( USE="experimental symlink" ) |
2 |
The firewall ( 2 different packages tried ) locks up the machine during |
3 |
boot. |
4 |
|
5 |
The old kernel ( 4.1.27 ) worked with no errors. |
6 |
I copied the /usr/src/linux/.config file over from kernel 4.1.27. |
7 |
Used "make menuconfig" to check if changes were needed. |
8 |
Recompiled 3 different times, minor changes, same result. |
9 |
|
10 |
reinstalled iptables, nftables, and ran "perl-cleaner reallyall". |
11 |
|
12 |
Always locks up after rules compiled / starting to initialize iptables. |
13 |
|
14 |
The firewalls tried : |
15 |
arno-iptables-firewall, shorewall |
16 |
|
17 |
Part of the kernel 4.1.28 change-log : |
18 |
|
19 |
> Florian Westphal (20): |
20 |
> ipv6: re-enable fragment header matching in ipv6_find_hdr |
21 |
> netfilter: x_tables: validate e->target_offset early |
22 |
> netfilter: x_tables: make sure e->next_offset covers remaining |
23 |
> blob size |
24 |
> netfilter: x_tables: fix unconditional helper |
25 |
> netfilter: x_tables: don't move to non-existent next rule |
26 |
> netfilter: x_tables: validate targets of jumps |
27 |
> netfilter: x_tables: add and use xt_check_entry_offsets |
28 |
> netfilter: x_tables: kill check_entry helper |
29 |
> netfilter: x_tables: assert minimum target size |
30 |
> netfilter: x_tables: add compat version of xt_check_entry_offsets |
31 |
> netfilter: x_tables: check standard target size too |
32 |
> netfilter: x_tables: check for bogus target offset |
33 |
> netfilter: x_tables: validate all offsets and sizes in a rule |
34 |
> netfilter: x_tables: don't reject valid target size on some |
35 |
> architectures |
36 |
> netfilter: arp_tables: simplify translate_compat_table args |
37 |
> netfilter: ip_tables: simplify translate_compat_table args |
38 |
> netfilter: ip6_tables: simplify translate_compat_table args |
39 |
> netfilter: x_tables: xt_compat_match_from_user doesn't need a retval |
40 |
> netfilter: x_tables: do compat validation via translate_table |
41 |
> netfilter: x_tables: introduce and use xt_copy_counters_from_user |
42 |
I suspect this may have something to do with it. |
43 |
|
44 |
Is anyone else seeing / experiencing this problem? |