Jump to content

nft utility errors "XT target TPROXY not found" caused by WTP/NTP task [KES for Linux]

Recommended Posts

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.


While WTP/NTP is enabled, nft utility produces errors (stderr) like

# nft list ruleset
XT target TPROXY not found
XT target TPROXY not found
XT target TPROXY not found
XT target TPROXY not found

These errors are caused by a bug in nft utility and xt_TPROXY dynamic library. This effect does not indicate functionality issues.

This bug may be reported to netfilter.org developers.


Whenever nft utility lists traffic rules, it dynamically loads extension libraries (for example, from /usr/lib/x86_64-linux-gnu/xtables in Debian OS) including TPROXY and CONNMARK.

When nft encounters first ipv4 rule, it sets global "family=ipv4" state via xtables_set_nfproto function, then loads libxt_TPROXY.so which has both ipv4 and ipv6 targets, but ipv6 are ignored due to the flag.

After that, nft processes ipv6 rules but there are no ipv6 targets for them. As a result, nft utility produces errors "XT target TPROXY not found".

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...