NFtables systemd file or something ?? sry forgot [solved]

Kernels & Hardware, configuring network, installing services

NFtables systemd file or something ?? sry forgot [solved]

Postby cryptoa » 2017-12-14 20:37

So i have been using Nftables for a while .... after a reinstall of Debian stable (stretch )

uname -a

Linux NAME 4.14.0-1-amd64 #1 SMP Debian 4.14.2-1 (2017-11-30) x86_64 GNU/Linux

issuing the command

sudo systemctl start nftables
OR
su -c "systemctl start nftalbes"

gives no error or information and dose not start nftables ...

if i do a apt-get remove --purge nftables ... and then a reinstall

and issue systemctl enable nftables ... I see crating symlink .... which is what i would expect ..

however then issueing sudo systemctl start ntfables dose nothing .. rebooting also has no effect ... at any stage ..

so i try to bypass systemd ..... and issue ... su -c "nft -f /etc/nftalbes.conf" shows success .... however dose not load..

so i am wounding .....

where is the service file ?? cause i looked where i would expect to see it ... in the rc folders ... and it's not there ..

any ideas ??

Apparmour somehow ??

I should add that I have purged iptables from the system ..


ok so i gapped on the location found the service files ..

/etc/systemd/system/multi-user.target.wants/nftables.service
/etc/systemd/system/sysinit.target.wants/nftables.service

Code: Select all
[Unit]
Description=nftables
Documentation=man:nft(8) http://wiki.nftables.org

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
ProtectSystem=full
ProtectHome=true
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecReload=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush ruleset

[Install]
WantedBy=multi-user.target


Which looks right to me ... however it is not working as i would expect ..... when i made the switch a few months ago the above commands worked just fine... granted i don't know systemd very well and should probably read over the manual .... however that is time consuming and time is currently short..

Thanks ..
Last edited by cryptoa on 2018-05-06 20:01, edited 1 time in total.
cryptoa
 
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

Postby Head_on_a_Stick » 2017-12-14 21:51

cryptoa wrote:Linux NAME 4.14.0-1-amd64 #1 SMP Debian 4.14.2-1 (2017-11-30) x86_64 GNU/Linux

That's not a stretch kernel.

Please post the full output of:
Code: Select all
apt-cache policy
journalctl -u nftables.service # as root if you get no output as a normal user

I have nftables working just fine in my stretch systems.
E Pluribus Unix
User avatar
Head_on_a_Stick
 
Posts: 7777
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: NFtables systemd file or something ?? permissions somewh

Postby cryptoa » 2017-12-14 21:57

APT polly :
Code: Select all
Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 https://dl.winehq.org/wine-builds/debian stretch/main i386 Packages
     release v=9.0,o=dl.winehq.org,a=stable,n=stretch,l=winehq,c=main,b=i386
     origin dl.winehq.org
 500 https://dl.winehq.org/wine-builds/debian stretch/main amd64 Packages
     release v=9.0,o=dl.winehq.org,a=stable,n=stretch,l=winehq,c=main,b=amd64
     origin dl.winehq.org
1001 https://sparkylinux.org/repo stable/main i386 Packages
     release o=SparkyLinux,a=stable,n=stable,l=SparkyLinux,c=main,b=i386
     origin sparkylinux.org
1001 https://sparkylinux.org/repo stable/main amd64 Packages
     release o=SparkyLinux,a=stable,n=stable,l=SparkyLinux,c=main,b=amd64
     origin sparkylinux.org
 500 http://mirror.it.ubc.ca/debian stretch-updates/main i386 Packages
     release o=Debian,a=stable-updates,n=stretch-updates,l=Debian,c=main,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=stretch-updates,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
 500 http://security.debian.org/debian-security stretch/updates/contrib i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/contrib amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/main i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/non-free i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/non-free amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=amd64
     origin security.debian.org
 500 http://mirror.it.ubc.ca/debian stretch/non-free i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=non-free,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/non-free amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=non-free,b=amd64
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/main i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=main,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/main amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/contrib i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=contrib,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/contrib amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=contrib,b=amd64
     origin mirror.it.ubc.ca
Pinned packages:


journalctl -u .......

Code: Select all
 -- Logs begin at Thu 2017-12-14 12:29:53 PST, end at Thu 2017-12-14 14:43:44 PST
Dec 14 12:30:01 Node-V systemd[1]: Starting nftables...
Dec 14 12:30:02 Node-V systemd[1]: Started nftables.
Last edited by cryptoa on 2017-12-14 21:58, edited 1 time in total.
cryptoa
 
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

Postby Head_on_a_Stick » 2017-12-14 21:57

E Pluribus Unix
User avatar
Head_on_a_Stick
 
Posts: 7777
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: NFtables systemd file or something ?? permissions somewh

Postby cryptoa » 2017-12-14 22:01

sure however .... This is the same setup i had before ... with the same versions ....

this was an issue before i added sparky repo .. which is Debian as well ... i have never seen conflicts ..

and the only thing i using from sparky is enlightenment ... and that shouldn't conflict ..

and i just checked the kernel packages and they claim to be Debian .. the others in that list are disabled and not used for instants from SID is not used ... the only repos i am using are sparky(for enlightenment ) wine and Debian .

So i have removed the kernel and loaded the 4.9 kernel ..

Linux Name 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux
and disabled everything but Debian.. the issue persists ...

and you know it would be great if you know the system better than me rather than telling i did something wrong ..
to give an idea of where to look i'm not lost in linux i have used it for a long time ... however... very simple things in linux seem to matter a lot

So ... maybe i should ask, what would cause that to happen ?

i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..
cryptoa
 
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

Postby Head_on_a_Stick » 2017-12-15 06:21

cryptoa wrote:i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..

I have just tried my own custom live image[1] (which is based on Debian stretch and fully updated as of yesterday) and the firewall is working fine there:

https://scrot.moe/image/6pIqh

Perhaps it is not Debian that is at fault here?

Does `nft list ruleset` produce any output in your systems?

[1] https://forums.bunsenlabs.org/viewtopic.php?id=4334
E Pluribus Unix
User avatar
Head_on_a_Stick
 
Posts: 7777
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: NFtables systemd file or something ?? permissions somewh

Postby Capitain_Jack » 2017-12-15 12:19

Head_on_a_Stick wrote:
cryptoa wrote:i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..

I have just tried my own custom live image[1] (which is based on Debian stretch and fully updated as of yesterday) and the firewall is working fine there:

https://scrot.moe/image/6pIqh

Perhaps it is not Debian that is at fault here?

Does `nft list ruleset` produce any output in your systems?

[1] https://forums.bunsenlabs.org/viewtopic.php?id=4334


I'm sorry Head_on_a_Stick, you're not being clear and less helpful, simply pasting the link DO NOT help if you don't explain why.

Being such a closed mind into Debian world should be shameful...
https://wiki.debian.org/Derivatives

SparkyLinux, in case you missed it, have all three flavors, so the only mistake cryptoa was the sparky repo version you added.

Start over and change the version of that repository and every thing will be fine, as suggested by our not so helpful collage link, you cannot mix Debian flavors (stable, testing, unstable), that's when problems occur.

https://sparkylinux.org/wiki/doku.php/repository

The wiki doesn't show the unstable repo because it's meant for advanced users, but as you can notice, simply change the version name after the repo address and package priority.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha
User avatar
Capitain_Jack
 
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

Postby bw123 » 2017-12-15 13:33

...when i made the switch a few months ago the above commands worked just fine... granted i don't know systemd very well and should probably read over the manual ....


When you made what switch? I know systemd is tough to understand, I struggle a lot with it. reading over the manual is going to take awhile, so I think cheat sheets are good. There are some good basic helpful links on the forum here about it, many posted by HOAS. Searching with the box, or searching previous posts by HOAS has been helpful to me.

Why haven't you checked
'# systemctl status whatever.service'

?

About the sparkylinux repo thing, well enlightnemnet is in debian repos isn't it? What would you want to mix the two? I really am a true believer that a person should be able to do whatever they want on their computer, but the advice is really plain:

Ubuntu, Mint or other derivative repositories are not compatible with Debian!
User avatar
bw123
 
Posts: 3189
Joined: 2011-05-09 06:02
Location: TN_USA

Re: NFtables systemd file or something ?? permissions somewh

Postby Capitain_Jack » 2017-12-15 13:47

bw123 wrote:About the sparkylinux repo thing, well enlightnemnet is in debian repos isn't it? What would you want to mix the two? I really am a true believer that a person should be able to do whatever they want on their computer, but the advice is really plain:

Ubuntu, Mint or other derivative repositories are not compatible with Debian!



How can you say that??

daniel@zionsparkyx64:~$ cat /etc/apt/sources.list
deb http://ftp.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.debian.org/debian/ testing main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
deb http://www.deb-multimedia.org/ testing non-free main


##
##
## Other repos can be found in /etc/apt/sources.list.d directory ##

daniel@zionsparkyx64:/etc/apt/sources.list.d$ ls
google-chrome.list liquorix.list sid.list sparky-dde.list sparky-testing.list sparky-unstable.list teamviewer.list teamviewer.list.dpkg-old
daniel@zionsparkyx64:/etc/apt/sources.list.d$ cat sparky-testing.list
### sparky testing repository
### used as default by all sparky editions
deb https://sparkylinux.org/repo/ testing main
deb-src https://sparkylinux.org/repo/ testing main


OMG how is possible that I'm using as main repo Debian and also sparkylinux as secondary one?? Here is why:
"...It has been built on the “testing” branch of Debian GNU/Linux..."
"...A common, but not unique pattern for derivatives is that of reusing/rebuilding most of the official Debian packages and adding some custom packages of their own...."

https://sparkylinux.org/wiki/doku.php/about

https://wiki.debian.org/Derivatives
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha
User avatar
Capitain_Jack
 
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

Postby Capitain_Jack » 2017-12-15 13:51

bw123 wrote:...well enlightnemnet is in debian repos isn't it?... ]


"...Debian

Enlightenment and EFL Debian official packages are outdated.

Two ways are possible : install from the sources, or install from the debian experimental repository.

To start Enlightenment, see the run-time requirements below....

https://www.enlightenment.org/docs/distros/debian-start

"...You have searched for packages that names contain enlightenment in all suites, all sections, and all architectures. Found 4 matching packages.
Exact hits
Package enlightenment

experimental (rc-buggy) (x11): X11 window manager based on EFL
0.22.1-2: amd64 armel i386 mips mips64el mipsel powerpc ppc64 ppc64el
0.21.5-1: arm64..."

https://packages.debian.org/search?keyw ... ightenment
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha
User avatar
Capitain_Jack
 
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

Postby bw123 » 2017-12-15 13:58

sorry, I must be mistaken about enlightenment, or efl.

I was looking at this:
https://packages.debian.org/stretch/e17
User avatar
bw123
 
Posts: 3189
Joined: 2011-05-09 06:02
Location: TN_USA

Re: NFtables systemd file or something ?? permissions somewh

Postby Capitain_Jack » 2017-12-15 14:00

Ubuntu, Mint or other derivative repositories are not compatible with Debian!
[/quote]

Forgot to mention what was said before, and what this apply to:
"...For example, installing packages from buster on a stretch system could also install newer versions of core libraries including libc6. This results in a system that is not testing or stable but a broken mix of the two..."

Ubuntu is a rebuild of Debian, so does have it's own main repo, not a direct derivation like sparkylinux or others distros can be, but in genneral, what that means is: don't mix flavors. If your derivation Debian uses Debian repos as main ones, than most likely it only have extra programs or packages, using Debian as base, so you just keep the same flavor, stable, testing or unstable.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha
User avatar
Capitain_Jack
 
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

Postby Capitain_Jack » 2017-12-15 14:02

"Don't blindly follow bad advice...
...It's better to take the time to figure out the correct way to do something first than spending even more time fixing a broken system later. You would not let some random stranger feed your baby; do not execute commands without first understanding what they do..."

This is the most important advice.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha
User avatar
Capitain_Jack
 
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

Postby cryptoa » 2017-12-15 18:57

well i have done a reinstall of Debian pure ..

here is no extras repos ... and same issue ...

So now then .... where do i start to track the problem ??

also it should be noted that .... i do not use Ubuntu repos .. Sparky is Debian ... and i am using the stable.
cryptoa
 
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

Postby arochester » 2017-12-15 19:07

Sparky is Debian


No.

Start with Debian.
Add some things.
Take away some things.
Change some things.
End up with XYZ Linux.

XYZ Linux is not Debian.

Debian is the thing you started with...
arochester
 
Posts: 1283
Joined: 2010-12-07 19:55

Next

Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable