Why am I not able to use synproxy with nftables?

Environment

Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9

Issue

Why am I not able to use synproxy with nftables?
Why am I getting the below error when trying to setup synproxy with nftables in RHEL 7 and RHEL 8?

  /etc/sysconfig/nftables.conf:21:9-96: Error: Could not process rule: No such file or directory
 tcp dport 8888 ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Resolution

The feature is provided in kernel 5.14.0-84.el9.x86_64.

Root Cause

This has been identified as a bug and got fixed in Bugzilla 2069735 - enable NFT synproxy support in RHEL9.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Select Your Language

Why am I not able to use synproxy with nftables?

Environment

Issue

Resolution

Root Cause

Comments

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Environment

Issue

Resolution

Root Cause

Comments

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links