netlink: filter sequence-mismatch errors in the error callback so they don't crash the engine

io/nfqueue.go

@@ -238,6 +238,9 @@ func (nio *nfqueuePacketIO) Register(ctx context.Context, cb PacketCallback) err
 						return 0
 					}
 				}
+				if strings.Contains(e.Error(), "mismatched sequence") {
+					return 0
+				}
 				return okBoolToInt(cb(nil, e))
 			})
 		if err != nil {
@@ -346,6 +349,7 @@ func (nio *nfqueuePacketIO) setupIpt(local, rst, remove bool) error {
 	if remove {
 		err = iptsBatchDeleteIfExists([]*iptables.IPTables{nio.ipt4, nio.ipt6}, rules)
 	} else {
+		_ = iptsBatchDeleteIfExists([]*iptables.IPTables{nio.ipt4, nio.ipt6}, rules)
 		err = iptsBatchAppendUnique([]*iptables.IPTables{nio.ipt4, nio.ipt6}, rules)
 	}
 	return err