ip6tables-restore v1.8.5 (legacy): Couldn't load match `limit':No such file or directory
I tried blocking all TCP/IP listener ports on all interfaces (including localhost) other than ssh/port 22 with this policy:
{
  "description": "Home firewall",
  "zone": {
    "inet": { "iface": ["eth+", "wwan+", "usb+"] }
  },
  "policy": [
    { "in": "_fw", "action": "drop" },
    { "in": "inet", "action": "drop" },
    { "in": "_fw", "service": "ssh", "action": "accept" },
    { "in": "inet", "service": "ssh", "action": "accept" },
    { "out": "inet", "action": "accept" },
    { "out": "_fw", "action": "accept" }
  ],
  "snat": [
    { "out": "inet" }
  ]
}
(I assumed later policies have higher priority. Sadly, I haven't been able to find any clear mention of priority on the wiki, so I'm just guessing this.)
Sadly, when I try to verify it I get an error I don't understand:
# awall translate --verify
ip6tables-restore v1.8.5 (legacy): Couldn't load match `limit':No such file or directory
Error occurred at line: 42
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
/usr/share/lua/5.2/awall/iptables.lua:92: assertion failed!
stack traceback:
/usr/share/lua/5.2/awall/uerror.lua:25: in function </usr/share/lua/5.2/awall/uerror.lua:21>
[C]: in function 'assert'
/usr/share/lua/5.2/awall/iptables.lua:92: in function 'restore'
/usr/share/lua/5.2/awall/iptables.lua:101: in function 'test'
/usr/share/lua/5.2/awall/init.lua:185: in function 'test'
/usr/sbin/awall:337: in function 'f'
/usr/share/lua/5.2/awall/uerror.lua:20: in function </usr/share/lua/5.2/awall/uerror.lua:20>
[C]: in function 'xpcall'
/usr/share/lua/5.2/awall/uerror.lua:19: in function 'call'
/usr/sbin/awall:163: in main chunk
[C]: in ?
Would it be possible to make awall output a better error here to help me understand what is wrong with my config? Or is this a bug?