At least since 2.6.1.16.1, many calls to iptables no longer function
at least under 64-bit x86, presumably due to a bug in the netfilter
kernel code.
The problem is still present in 2.6.17-rc2.
The error from iptables is
iptables: unknown error 18446744073709551615
Examples of rules that give the error are
1) iptables -A INPUT -i bond0 -s 129.98.90.0/24 -p tcp --dport 548 -j ACCEPT
2) iptables -A INPUT -i bond0 -s 129.98.90.101/32 -p tcp --dport 497 -j ACCEPT
3) iptables -A INPUT -i bond0 -s 129.98.90.227/32 -p tcp --dport 22 -j ACCEPT
Example of a rule that does not give the error:
1) iptables -A INPUT -i bond0 -p ICMP --icmp-type echo-request -s
129.98.90.13/32 -j ACCEPT
The computer is using IPv4 and not IPv6, which has not been compiled into the
kernel.
iptables is version 1.3.5.
Kernel configuration related to iptables follows:
lsmod shows
xt_state 4928 0
ipt_LOG 8960 0
ip_conntrack_ftp 10000 0
ip_conntrack 57880 2 xt_state,ip_conntrack_ftp
nfnetlink 8520 1 ip_conntrack
iptable_filter 5440 0
ip_tables 22168 1 iptable_filter
x_tables 17800 3 xt_state,ipt_LOG,ip_tables