bpfilter read fail 0

barzag

Nov 28, 2022
Hello community

I am asking for your help because I have recently been getting this message:

bpfilter read fail 0

which is repeated every second in my log.
AFAIK this is happening with some iptables-nft versions.
The firewall doesn't really matter because I'm running pfSense on Proxmox. Is it possible to deactivate it? I have already tried this command line:

echo "blacklist bpfilter" | sudo tee /etc/modprobe.d/pve-blacklist.conf

But it does not work.

Any ideas?
 
It is possible to disable the bpfilter by modifying the /etc/sysctl.conf file and adding the following line:
Code:
net.bridge.bridge-nf-call-iptables = 0
This will disable the bpfilter and prevent it from being loaded. You can then run the command "sysctl -p" to apply the changes.
Alternatively, you can try updating your iptables-nft version to a more recent one that may not have this issue.
 
I tried
Code:
net.bridge.bridge-nf-call-iptables = 0
But it does not work. I still have the messages in kern.log
 
So, it looks like these messages are generated by pve-firewall querying an older iptables interface, which now generates these messages on newer kernels. It's annoying.

If you aren't using pve-firewall, you can stop/disable/mask it via systemctl. I'm not sure about the downstream effects of that; maybe somebody from Proxmox staff can advise.