[ISSUE]Error applying firewall rules/error applying iptables rules #1460

@DrIT2016

Description

I have an issue getting AFWall enabled on a (custom) LOS21 system on a Nokia 7.2. I tried different versions, but all have the same problem.
No matter if you enable some rules or do nothing and apply immediately after install, every time the enable-firewall action gives an error and as such I can't enable AFWall. The error: Error applying firewall rules/error applying iptables rules. This happens around rule 71. I have used AFWall for many years and never had this issue. On LOS20 it works as designed, but now, testing with a LOS 21 ROM, I'm getting this issue.
Tried a binary change for iptables and/or busybox; it doesn't matter (it even gives this error when changing the binary).

Looked at logcat, and maybe this means something (this command does work on LOS20, but not on LOS21):
01-30 10:15:03.374 I/AFWall (10004): command 'iptables -A afwall-wifi-postcustom -m owner --uid-owner 1014 -j RETURN' exited with status 1
01-30 10:15:03.374 I/AFWall (10004): Output:
01-30 10:15:03.374 I/AFWall (10004): Warning: Extension owner revision 0 not supported, missing kernel module?
01-30 10:15:03.374 I/AFWall (10004): iptables: No chain/target/match by that name.
01-30 10:15:03.374 I/AFWall (10004): Start processing next state

Also, when listing the current rules with "iptables -L -v", there are some lines like this which also complain about a missing kernel module:
Chain st_clear_detect (0 references)
 pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
0 0 RETURN all -- any any anywhere anywhere connmark match 0x1000000/0x1000000
0 0 CONNMARK tcp -- any any anywhere anywhere u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
Warning: Extension CONNMARK is not supported, missing kernel module?
0 0 CONNMARK udp -- any any anywhere anywhere u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000
0 0 RETURN all -- any any anywhere anywhere connmark match 0x1000000/0x1000000
0 0 st_clear_caught tcp -- any any anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
0 0 st_clear_caught udp -- any any anywhere anywhere

Running command: iptables --match owner -h
Warning: Extension owner revision 0 not supported, missing kernel module?
iptables v1.8.10 (legacy)
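The two warnings quoted above ("Extension owner revision 0 not supported" and "Extension CONNMARK is not supported") are what iptables prints when the userspace extension library is present but the kernel does not expose the matching xt_* module. A kernel lists the match and target extensions it has built in or loaded under /proc/net/ip_tables_matches and /proc/net/ip_tables_targets, so the quickest way to separate a kernel problem from an iptables-binary problem is to compare the extensions the rules need against those two files. The script below is an added example for that check; it is not part of AFWall+ and not from the reporter. The extension names in NEEDED_MATCHES and NEEDED_TARGETS are taken from the rules quoted in the report, and the SAMPLE_* lists are constructed to mimic a kernel without xt_owner and xt_connmark so the script also runs off-device.

```shell
#!/bin/sh
# Added diagnostic (not AFWall+ code): check which netfilter match/target
# extensions used by the quoted rules the running kernel actually exposes.
# A name missing from /proc/net/ip_tables_matches or ip_tables_targets is
# what iptables reports as "Extension <name> ... not supported".

# Match and target extensions that appear in the rules quoted in the report.
NEEDED_MATCHES="owner connmark u32 state"
NEEDED_TARGETS="CONNMARK REJECT"

# Constructed sample of the two /proc files from a kernel without xt_owner
# and xt_connmark (assumption for offline use, not captured from a device).
SAMPLE_MATCHES='u32
state
conntrack
tcp
udp'
SAMPLE_TARGETS='REJECT
LOG
MASQUERADE'

# missing_names NEEDED HAVE: print the names in NEEDED (space separated)
# that do not occur as a whole line in HAVE (newline separated).
missing_names() {
    needed=$1
    have=$2
    missing=""
    for name in $needed; do
        if ! printf '%s\n' "$have" | grep -qx -- "$name"; then
            missing="$missing $name"
        fi
    done
    printf '%s\n' "${missing# }"
}

# unsupported_extensions TEXT: pull the extension names out of iptables
# "Warning: Extension <name> ... not supported" lines, e.g. from logcat.
unsupported_extensions() {
    printf '%s\n' "$1" |
        sed -n 's/.*Warning: Extension \([A-Za-z0-9_]*\).*not supported.*/\1/p'
}

# read_proc_list FILE FALLBACK: the live kernel list if readable, else the sample.
read_proc_list() {
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf '%s\n' "$2"
    fi
}

# report: compare the needed extensions against what the kernel exposes.
report() {
    matches=$(read_proc_list /proc/net/ip_tables_matches "$SAMPLE_MATCHES")
    targets=$(read_proc_list /proc/net/ip_tables_targets "$SAMPLE_TARGETS")
    echo "missing match extensions:  $(missing_names "$NEEDED_MATCHES" "$matches")"
    echo "missing target extensions: $(missing_names "$NEEDED_TARGETS" "$targets")"
}

report
```

Run it in a root shell on the device (for example via adb shell or a terminal app with su). If "owner" shows up as missing, the ROM's kernel was built without the xt_owner module (CONFIG_NETFILTER_XT_MATCH_OWNER), and no change of the iptables or busybox binary on the AFWall side can make the `-m owner --uid-owner` rules load; that is consistent with the report that switching binaries did not help. The same reasoning applies to CONNMARK (xt_connmark), which the `iptables -L -v` listing above also flags.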
