further nftables woes


Post by elaphecarinata » 2020-05-15 14:06

So on a vanilla Debian Buster I have nftables firewall running without issue. nftables v0.9.0 (Fearless Fosdick)

I also have the firewall working on a Linux Mint system, nftables v0.8.2 (Joe Btfsplk).

I am now trying to set up the firewall on a Raspbian system, Linux raspberrypi 5.4.40-v7l+ #1316 SMP Tue May 12 13:10:42 BST 2020 armv7l GNU/Linux, with nftables v0.9.0 (Fearless Fosdick). The service won't even start with anything in the nftables.conf file, giving errors like: /etc/nftables.conf:2:1-14: Error: Could not process rule: Operation not supported flush ruleset, when running sudo nft -c -f /etc/nftables.conf.

The same happens if I start the service with nothing in the .conf file and then try an interactive session:

create table ip mytable
Error: Could not process rule: Operation not supported
create table ip mytable
^^^^^^^^^^^^^^^^^^^^^^^^

How can I resolve this issue?

With nothing in the .conf file nftables starts up fine:

systemctl status nftables
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2020-05-15 15:50:03 BST; 1min 40s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1986 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Main PID: 1986 (code=exited, status=0/SUCCESS)

May 15 15:50:03 raspberrypi systemd[1]: Starting nftables...
May 15 15:50:03 raspberrypi systemd[1]: Started nftables.

I am at the limit of my knowledge and could do with a pointer to fix the errors and move forward. Nftables was installed using apt from the Raspbian repository.
Last edited by elaphecarinata on 2020-05-15 14:40, edited 1 time in total.

Re: further nftables woes

Post by elaphecarinata » 2020-05-15 14:39

Update:

I have found that I am missing the relevant kernel modules (specifically nf_tables.ko and the relevant nft_*.ko) from /lib/modules/5.4.40-v7l+/kernel/net/netfilter.

So I am further forwards than I was.
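The check described in the update above, as an added example that is not part of the original posts: a POSIX shell function that looks under /lib/modules/<release>/kernel/net/netfilter for nf_tables.ko and the nft_*.ko modules, and also reads modules.builtin in case nf_tables is compiled into the kernel. The function name nft_kmod_check, its arguments and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: can this kernel's module tree provide nf_tables?
# Usage: nft_kmod_check [release] [modules-root]
# Return codes (chosen for this example): 0 = nf_tables available,
# 1 = nf_tables missing, 2 = no module tree for that release.
nft_kmod_check() {
    rel=${1:-$(uname -r)}
    root=${2:-/lib/modules}
    dir="$root/$rel"
    nfdir="$dir/kernel/net/netfilter"

    if [ ! -d "$dir" ]; then
        echo "no module tree at $dir"
        return 2
    fi

    # nf_tables compiled into the kernel image is listed in modules.builtin.
    if [ -f "$dir/modules.builtin" ] &&
       grep -q '/nf_tables\.ko$' "$dir/modules.builtin"; then
        echo "nf_tables: built into kernel $rel"
        return 0
    fi

    # Otherwise look for the loadable module; it may be compressed (.ko.xz etc).
    core=
    for f in "$nfdir"/nf_tables.ko "$nfdir"/nf_tables.ko.*; do
        if [ -f "$f" ]; then core=$f; break; fi
    done
    if [ -z "$core" ]; then
        echo "nf_tables: MISSING under $nfdir"
        return 1
    fi
    echo "nf_tables: $core"

    # Count the nft_*.ko modules that sit beside the core module.
    n=0
    for f in "$nfdir"/nft_*.ko "$nfdir"/nft_*.ko.*; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "nft_* modules found: $n"
    return 0
}
```

Called with no arguments it inspects the running kernel's tree; a return code of 1 corresponds to the situation found in the post above.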

Re: further nftables woes

Post by Head_on_a_Stick » 2020-05-17 12:45

elaphecarinata wrote: I am now trying to setup the firewall on a Raspbian system

That is not supported here.

https://www.raspberrypi.org/forums/