nft command not found Debian 10 [SOLVED]


Postby scott21 » 2019-07-09 13:23

I've used simple iptables in the past, and I'm behind on Debian versions.

I have one test machine that was set up a year ago with Debian 9, and that has the "nft" command for nftables; my other machines are either on 6 or 7. I never took the time to dig into nftables and figure things out to move from iptables and start using Debian 9.

That all said, I downloaded Debian 10 and saw it mentioned that nftables was used, etc. But when I type "nft" anything it's always Command Not Found. Instead I type iptables, and then I get stuff...I understand I get that due to some mapping/translation that is going on.

So that leads me to my question...do I need to install the "nft" command on Debian 10? I'm reading through the below page and it keeps using the "nft" commands and examples.

https://wiki.debian.org/nftables

Yet I only get command not found on Debian 10. There is no subfolder for the nftables examples under "/usr/share/doc/nftables/examples/" there is no "nftables" folder. So I'm a bit confused.

On Debian 9, there was "nft" and one could run "nft list ruleset" and get something. On Debian 10 "nft" is command not found, however I can do "iptables -L" or "iptables -S" and get some results...if I run "iptables -V" I get: iptables v1.8.2 (nf_tables)


So I'm confused...in Debian 9 you had "nft" but in 10 you have a translation interface of iptables-nft and you don't have "nft"?

I'm trying to learn nftables, but all the examples I find are all using the "nft" command...and it's not in 10 by default. Do I have to install the "nftables" package? Or is the iptables-nft interface supposed to make life easier to set up your nftables stuff...was the "nft" method more complex?

I just need some simple firewall rules...is that easier when using the new iptables-nft in 10 instead of the actual "nft" command like in 9?
Last edited by scott21 on 2019-07-09 15:19, edited 1 time in total.
scott21
 
Posts: 5
Joined: 2019-07-09 13:05

Re: nft command not found Debian 10

Postby GarryRicketson » 2019-07-09 14:15

Show us exactly how you are running the 'nft' command, use code boxes, and show the complete process you use. Also, what does 'man nft' show? I.e.:
Code:
$ man nft
If the manual is not there, then you need to install nftables.
For example, but your output may be different:
Code:
garry@debian:~$ nft list ruleset
-bash: nft: command not found
garry@debian:~$ man nft
garry@debian:~$
 

The manual does show:
nft(8) nft(8)

NAME
nft - Administration tool of the nftables framework for packet filtering and classification

SYNOPSIS
nft [ -nNscae ] [ -I directory ] [ -f filename | -i | cmd ...]
nft -h
nft -v

DESCRIPTION
nft is the command line tool used to set up, maintain and inspect packet filtering and classifiction rules in the Linux kernel, in the nftables framework. The Linux kernel subsystem is known as nf_tables, and 'nf' stands for Netfilter.----snip---


And here is the "magick", I do not have any ruleset to show, but the command works just fine:
Code:
garry@debian:~$ su -
Password:
root@debian:~# nft list ruleset
root@debian:~# exit
logout

Notice here, the difference:
Code:
garry@debian:~$ su
Password:
root@debian:/home/garry# nft list ruleset
bash: nft: command not found
root@debian:/home/garry# exit
exit
garry@debian:~$
 

Notice that when I used "su -", the command is OK, just that since I have no ruleset, nothing shows.
When I use "su", it says "command not found"; also, as a normal user, the command is not available. In any event, to help you we need to see what you actually did, not just some vague verbal description:
Quote:
But when I type "nft" anything it's always Command Not Found. Instead I type iptables, and then I get stuff...I understand I get that due to some mapping/translation that is going on.
Show us your terminal output, where you ran the command, who ran it, and how you ran it, etc.
GarryRicketson
 
Posts: 5877
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: nft command not found Debian 10

Postby GarryRicketson » 2019-07-09 14:25

Here I added a ruleset, so now I have one:
Code:
garry@debian:~$ su -
Password:
root@debian:~#  nft add table inet filter
root@debian:~# nft list ruleset
table inet filter {
}
root@debian:~# exit
logout
garry@debian:~$
 

The nft command works fine, as long as the admin uses 'su -' correctly as they should.
I suppose "sudo" should work as well, I do not use it nor have it installed.

Re: nft command not found Debian 10

Postby scott21 » 2019-07-09 14:31

OK, will try the code box...see if I figure that out correctly.

Code:
fosssc@e-buster:~$ su
Password:
root@e-buster:/# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 10 (buster)
Release:        10
Codename:       buster
root@e-buster:/#
root@e-buster:/# uname -a
Linux e-buster 4.19.0-5-686-pae #1 SMP Debian 4.19.37-5 (2019-06-19) i686 GNU/Linux
root@e-buster:/#
root@e-buster:/# nft list ruleset
bash: nft: command not found
root@e-buster:/#
root@e-buster:/# man nft
No manual entry for nft
root@e-buster:/#


That was with the regular "su", exited back to my regular account, then tried the "su -"

Code:
fosssc@e-buster:~$ su -
Password:
root@e-buster:~# nft list ruleset
-bash: nft: command not found
root@e-buster:~#




My v9 test box...with the regular "su"

Code:
root@www4:/# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 9.9 (stretch)
Release:        9.9
Codename:       stretch
root@www4:/#
root@www4:/# uname -a
Linux www4 4.9.0-7-686-pae #1 SMP Debian 4.9.110-3+deb9u1 (2018-08-03) i686 GNU/Linux
root@www4:/#
root@www4:/# nft list ruleset
table inet filter {
        chain input {
                type filter hook input priority 0; policy accept;
                ct state established,related counter packets 16056925 bytes 8920190494 accept
                icmp type { echo-request} counter packets 26765 bytes 1109291 accept
        }

        chain forward {
                type filter hook forward priority 0; policy accept;
        }

        chain output {
                type filter hook output priority 0; policy accept;
        }
}
root@www4:/#
root@www4:/# nft -v
nftables v0.7 (Scrooge McDuck)
root@www4:/#

Re: nft command not found Debian 10

Postby scott21 » 2019-07-09 14:37

Debian 10 was a fresh install of the i386 network install ISO.

Ran the updates, installed VMware Tools, set a static IP, disabled IPv6 in sysctl.conf, then installed a couple packages...net-tools, whois, sendmail, and sudo (even though I normally don't use it).

That's why I was baffled when I get command not found when trying anything with "nft"...since it was there in version 9 I thought it would be there in 10 by default.

Re: nft command not found Debian 10

Postby scott21 » 2019-07-09 14:41

In Debian 9, "nft" is located in /usr/sbin/ but it's not there in my install of 10.

Version 9
Code:
root@www4:/# ls /usr/sbin
a2disconf             deluser            iconvconfig           phpenmod                 service                 update-default-wordlist
a2dismod              dmidecode          install-sgmlcatalog   phpquery                 setvesablank            update-dictcommon-aspell
a2dissite             dpkg-preconfigure  invoke-rc.d           praliases                slapacl                 update-dictcommon-hunspell
a2enconf              dpkg-reconfigure   ip6tables-apply       purgestat                slapadd                 update-grub
a2enmod               e2freefrag         iptables-apply        pwck                     slapauth                update-grub2
a2ensite              e4crypt            irqbalance            pwconv                   slapcat                 update-inetd
a2query               e4defrag           ispell-autobuildhash  pwunconv                 slapd                   update-initramfs
accessdb              editmap            laptop-detect         readprofile              slapdn                  update-locale
addgnupghome          etrn               ldattach              remove-default-ispell    slapindex               update-mime
addgroup              fdformat           locale-gen            remove-default-wordlist  slappasswd              update-passwd
add-shell             filefrag           logrotate             remove-shell             slapschema              update-pciids
adduser               genl               mailstats             rmt                      slaptest                update-rc.d
apache2               groupadd           makemap               rmt-tar                  smbd                    update-xmlcatalog
apache2ctl            groupdel           make-ssl-cert         rsyslogd                 split-logfile           upgrade-from-grub-legacy
apachectl             groupmems          mkinitramfs           rtcwake                  sshd                    useradd
applygnupgdefaults    groupmod           mklost+found          runq                     tarcat                  userdel
arp                   grpck              mksmbpasswd           safe_finger              tcpd                    usermod
arpd                  grpconv            mysqld                samba                    tcpdchk                 validlocale
aspell-autobuildhash  grpunconv          newaliases            samba_dnsupdate          tcpdmatch               vcstime
biosdecode            grub-bios-setup    newusers              samba_kcc                tcptraceroute           vigr
check_forensic        grub-install       nfnl_osf              samba_spnupdate          tcptraceroute.db        vipw
checksendmail         grub-macbless      nft                   samba_upgradedns         traceroute              visudo
chgpasswd             grub-mkconfig      nmbd                  select-default-ispell    try-from                vpddecode
chpasswd              grub-mkdevicemap   nologin               select-default-wordlist  tunelp                  zerofree
chroot                grub-probe         ownership             sendmail                 tzconfig                zic
cpgr                  grub-reboot        pam-auth-update       sendmailconfig           update-ca-certificates
cppw                  grub-set-default   pam_getenv            sendmail-msp             update-catalog
cron                  hoststat           pam_timestamp_check   sendmail-mta             update-default-aspell
delgroup              httxt2dbm          phpdismod             sensible-mda             update-default-ispell
root@www4:/#



Version 10
Code:
root@e-buster:~# ls /usr/sbin/
aa-remove-unknown      dhclient-script       grpck                        iptables-restore-translate  poweroff                 tarcat
aa-status              discover              grpconv                      iptables-save               praliases                tc
aa-teardown            discover-modprobe     grpunconv                    iptables-translate          purgestat                tcptraceroute
accessdb               discover-pkginstall   grub-bios-setup              iptunnel                    pwck                     tcptraceroute.db
acpi_available         dmidecode             grub-install                 isosize                     pwconv                   telinit
addgroup               dmsetup               grub-macbless                ispell-autobuildhash        pwunconv                 tipc
add-shell              dmstats               grub-mkconfig                kbdrate                     rarp                     traceroute
adduser                dpkg-preconfigure     grub-mkdevicemap             killall5                    raw                      tune2fs
agetty                 dpkg-reconfigure      grub-probe                   ldattach                    readprofile              tzconfig
apm_available          dumpe2fs              grub-reboot                  ldconfig                    reboot                   udevadm
apparmor_parser        e2freefrag            grub-set-default             locale-gen                  remove-default-ispell    unix_chkpwd
apparmor_status        e2fsck                halt                         logrotate                   remove-default-wordlist  unix_update
arp                    e2image               hdparm                       logsave                     remove-shell             update-ca-certificates
arpd                   e2label               hoststat                     losetup                     resize2fs                update-default-aspell
arptables              e2mmpstatus           hwclock                      lsmod                       rmmod                    update-default-ispell
arptables-nft          e2undo                iconvconfig                  mailstats                   rmt                      update-default-wordlist
arptables-nft-restore  e4crypt               ifconfig                     makemap                     rmt-tar                  update-dictcommon-aspell
arptables-nft-save     e4defrag              ifdown                       mii-tool                    route                    update-dictcommon-hunspell
arptables-restore      ebtables              ifquery                      mke2fs                      rsyslogd                 update-grub
arptables-save         ebtables-nft          ifup                         mkfs                        rtacct                   update-grub2
aspell-autobuildhash   ebtables-nft-restore  init                         mkfs.bfs                    rtcwake                  update-initramfs
badblocks              ebtables-nft-save     insmod                       mkfs.cramfs                 rtmon                    update-locale
biosdecode             ebtables-restore      installkernel                mkfs.ext2                   runlevel                 update-mime
blkdeactivate          ebtables-save         invoke-rc.d                  mkfs.ext3                   runq                     update-passwd
blkdiscard             editmap               ip                           mkfs.ext4                   runuser                  update-pciids
blkid                  etrn                  ip6tables                    mkfs.minix                  select-default-ispell    update-rc.d
blkzone                fdformat              ip6tables-apply              mkhomedir_helper            select-default-wordlist  upgrade-from-grub-legacy
blockdev               fdisk                 ip6tables-legacy             mkinitramfs                 sendmail                 useradd
bridge                 filefrag              ip6tables-legacy-restore     mklost+found                sendmailconfig           userdel
capsh                  findfs                ip6tables-legacy-save        mkswap                      sendmail-msp             usermod
cfdisk                 fsck                  ip6tables-nft                modinfo                     sendmail-mta             validlocale
chcpu                  fsck.cramfs           ip6tables-nft-restore        modprobe                    sensible-mda             vcstime
checksendmail          fsck.ext2             ip6tables-nft-save           mount.vmhgfs                service                  vigr
chgpasswd              fsck.ext3             ip6tables-restore            nameif                      setcap                   vipw
chmem                  fsck.ext4             ip6tables-restore-translate  newaliases                  setvesablank             visudo
chpasswd               fsck.minix            ip6tables-save               newusers                    sfdisk                   vmtoolsd
chroot                 fsfreeze              ip6tables-translate          nfnl_osf                    shadowconfig             vmware-checkvm
cpgr                   fstab-decode          ipmaddr                      nologin                     shutdown                 vmware-namespace-cmd
cppw                   fstrim                iptables                     on_ac_power                 slattach                 vmware-rpctool
cron                   genl                  iptables-apply               ownership                   sshd                     vmware-vmblock-fuse
ctrlaltdel             getcap                iptables-legacy              pam-auth-update             start-stop-daemon        vpddecode
debugfs                getpcaps              iptables-legacy-restore      pam_getenv                  sulogin                  wipefs
delgroup               getty                 iptables-legacy-save         pam_tally                   swaplabel                xtables-legacy-multi
deluser                groupadd              iptables-nft                 pam_tally2                  swapoff                  xtables-monitor
depmod                 groupdel              iptables-nft-restore         pam_timestamp_check         swapon                   xtables-nft-multi
devlink                groupmems             iptables-nft-save            pivot_root                  switch_root              zic
dhclient               groupmod              iptables-restore             plipconfig                  sysctl                   zramctl
root@e-buster:~#

Re: nft command not found Debian 10

Postby GarryRicketson » 2019-07-09 14:49

Use some logic, and read my post more carefully:
Code:
root@e-buster:/# man nft
No manual entry for nft
root@e-buster:/#

Indicates "nftables" is not even installed.
So
Code:
fosssc@e-buster:~$ su -
Password:
root@e-buster:~# nft list ruleset
-bash: nft: command not found
root@e-buster:~#
 

Obviously the command is not found. Try installing "nftables".
Although it should have been installed by default, something is wrong with your install,
and you need to install it.

Re: nft command not found Debian 10

Postby GarryRicketson » 2019-07-09 14:52

Quote:
Yet I only get command not found on Debian 10. There is no subfolder for the nftables examples under "/usr/share/doc/nftables/examples/" there is no "nftables" folder. So I'm a bit confused.

Also, this comment indicates the obvious: you do not have it installed. And please stop showing us what your Debian 9 stuff looked like; it is irrelevant and serves only to confuse things.

Re: nft command not found Debian 10

Postby scott21 » 2019-07-09 14:57

This is why I asked...because it was in the previous version but not in this new version, at least not with my fresh install. And I did ask that in my original post if nftables was something I had to actually install, vs being in there by default. Thus my confusion about nft not working and there being iptables-nft present in version 10.

Seems that is what I have to do...install the nftables package.

Thanks.

It's now installed and now "nft" gives me output.

Re: nft command not found Debian 10 [SOLVED]

Postby Head_on_a_Stick » 2019-07-09 17:22

See https://www.debian.org/releases/buster/ ... l#nftables

It is rather silly to have an iptables frontend for nftables, given that the simpler declarative ruleset is a major advantage of the new framework but a significant proportion of Debian users start frothing at the mouth when confronted with change so the developers have taken the cautious route with this one.
Head_on_a_Stick
 
Posts: 10600
Joined: 2014-06-01 17:46
Location: /dev/chair
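
The thread ran into two different causes of "nft: command not found": the binary exists but /usr/sbin is not in PATH after a plain "su", or the nftables package is not installed at all while iptables still works through its nf_tables backend. The script below tells them apart; it is an added example, not part of any post, and the function names and the optional ROOT argument (used to test against a constructed directory tree) are made up for illustration.

```sh
#!/bin/sh
# Added example: classify why "nft" is not found on a Debian system.

# in_path DIR PATHSTRING: succeed if DIR is one element of the colon-separated PATHSTRING
in_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose_nft PATHSTRING [ROOT]
# Prints: ok | path-missing-sbin | not-installed
# ROOT is a hypothetical prefix for checking a test tree; empty means the live system.
diagnose_nft() {
    path_string=$1
    root=${2:-}
    found_dir=
    for dir in /usr/sbin /sbin; do
        if [ -x "$root$dir/nft" ]; then found_dir=$dir; break; fi
    done
    if [ -z "$found_dir" ]; then
        echo "not-installed"
    elif in_path "$found_dir" "$path_string"; then
        echo "ok"
    else
        echo "path-missing-sbin"
    fi
}

# iptables_backend VERSIONSTRING: parse the output of "iptables -V",
# e.g. "iptables v1.8.2 (nf_tables)" as quoted in the first post
iptables_backend() {
    case $1 in
        *"(nf_tables)"*) echo "nf_tables" ;;
        *"(legacy)"*) echo "legacy" ;;
        *) echo "unknown" ;;
    esac
}

# advise RESULT: next step for each diagnosis
advise() {
    case $1 in
        ok) echo "nft is installed and reachable" ;;
        path-missing-sbin) echo "nft exists but its directory is not in PATH: use 'su -' or sudo" ;;
        not-installed) echo "nft binary absent: install the nftables package (apt install nftables)" ;;
    esac
}

# Live check of the current shell
result=$(diagnose_nft "$PATH")
echo "$result: $(advise "$result")"
if command -v iptables >/dev/null 2>&1; then
    echo "iptables backend: $(iptables_backend "$(iptables -V 2>/dev/null)")"
fi
```

A result of "not-installed" together with an "nf_tables" iptables backend is the situation on the Debian 10 machine in this thread.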

