Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

NFtables systemd file or something ?? sry forgot [solved]

Linux Kernel, Network, and Services configuration.
Message
Author
cryptoa
Posts: 44
Joined: 2014-01-03 21:35

NFtables systemd file or something ?? sry forgot [solved]

#1 Post by cryptoa »

So i have been using Nftables for a while .... after a reinstall of Debian stable (stretch )

uname -a

Linux NAME 4.14.0-1-amd64 #1 SMP Debian 4.14.2-1 (2017-11-30) x86_64 GNU/Linux

issuing the command

sudo systemctl start nftables
OR
su -c "systemctl start nftalbes"

gives no error or information and dose not start nftables ...

if i do a apt-get remove --purge nftables ... and then a reinstall

and issue systemctl enable nftables ... I see crating symlink .... which is what i would expect ..

however then issueing sudo systemctl start ntfables dose nothing .. rebooting also has no effect ... at any stage ..

so i try to bypass systemd ..... and issue ... su -c "nft -f /etc/nftalbes.conf" shows success .... however dose not load..

so i am wounding .....

where is the service file ?? cause i looked where i would expect to see it ... in the rc folders ... and it's not there ..

any ideas ??

Apparmour somehow ??

I should add that I have purged iptables from the system ..


ok so i gapped on the location found the service files ..

/etc/systemd/system/multi-user.target.wants/nftables.service
/etc/systemd/system/sysinit.target.wants/nftables.service

Code: Select all

[Unit]
Description=nftables
Documentation=man:nft(8) http://wiki.nftables.org

[Service]
Type=oneshot
RemainAfterExit=yes
StandardInput=null
ProtectSystem=full
ProtectHome=true
ExecStart=/usr/sbin/nft -f /etc/nftables.conf
ExecReload=/usr/sbin/nft -f /etc/nftables.conf
ExecStop=/usr/sbin/nft flush ruleset

[Install]
WantedBy=multi-user.target
Which looks right to me ... however it is not working as i would expect ..... when i made the switch a few months ago the above commands worked just fine... granted i don't know systemd very well and should probably read over the manual .... however that is time consuming and time is currently short..

Thanks ..
Last edited by cryptoa on 2018-05-06 20:01, edited 1 time in total.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: NFtables systemd file or something ?? permissions somewh

#2 Post by Head_on_a_Stick »

cryptoa wrote:Linux NAME 4.14.0-1-amd64 #1 SMP Debian 4.14.2-1 (2017-11-30) x86_64 GNU/Linux
That's not a stretch kernel.

Please post the full output of:

Code: Select all

apt-cache policy
journalctl -u nftables.service # as root if you get no output as a normal user
I have nftables working just fine in my stretch systems.
deadbang

cryptoa
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

#3 Post by cryptoa »

APT polly :

Code: Select all

Package files:
 100 /var/lib/dpkg/status
     release a=now
 500 https://dl.winehq.org/wine-builds/debian stretch/main i386 Packages
     release v=9.0,o=dl.winehq.org,a=stable,n=stretch,l=winehq,c=main,b=i386
     origin dl.winehq.org
 500 https://dl.winehq.org/wine-builds/debian stretch/main amd64 Packages
     release v=9.0,o=dl.winehq.org,a=stable,n=stretch,l=winehq,c=main,b=amd64
     origin dl.winehq.org
1001 https://sparkylinux.org/repo stable/main i386 Packages
     release o=SparkyLinux,a=stable,n=stable,l=SparkyLinux,c=main,b=i386
     origin sparkylinux.org
1001 https://sparkylinux.org/repo stable/main amd64 Packages
     release o=SparkyLinux,a=stable,n=stable,l=SparkyLinux,c=main,b=amd64
     origin sparkylinux.org
 500 http://mirror.it.ubc.ca/debian stretch-updates/main i386 Packages
     release o=Debian,a=stable-updates,n=stretch-updates,l=Debian,c=main,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=stretch-updates,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
 500 http://security.debian.org/debian-security stretch/updates/contrib i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/contrib amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/main i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/non-free i386 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=i386
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/non-free amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=non-free,b=amd64
     origin security.debian.org
 500 http://mirror.it.ubc.ca/debian stretch/non-free i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=non-free,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/non-free amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=non-free,b=amd64
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/main i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=main,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/main amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/contrib i386 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=contrib,b=i386
     origin mirror.it.ubc.ca
 500 http://mirror.it.ubc.ca/debian stretch/contrib amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=contrib,b=amd64
     origin mirror.it.ubc.ca
Pinned packages:
journalctl -u .......

Code: Select all

 -- Logs begin at Thu 2017-12-14 12:29:53 PST, end at Thu 2017-12-14 14:43:44 PST
Dec 14 12:30:01 Node-V systemd[1]: Starting nftables...
Dec 14 12:30:02 Node-V systemd[1]: Started nftables.
Last edited by cryptoa on 2017-12-14 21:58, edited 1 time in total.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: NFtables systemd file or something ?? permissions somewh

#4 Post by Head_on_a_Stick »

deadbang

cryptoa
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

#5 Post by cryptoa »

sure however .... This is the same setup i had before ... with the same versions ....

this was an issue before i added sparky repo .. which is Debian as well ... i have never seen conflicts ..

and the only thing i using from sparky is enlightenment ... and that shouldn't conflict ..

and i just checked the kernel packages and they claim to be Debian .. the others in that list are disabled and not used for instants from SID is not used ... the only repos i am using are sparky(for enlightenment ) wine and Debian .

So i have removed the kernel and loaded the 4.9 kernel ..

Linux Name 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux
and disabled everything but Debian.. the issue persists ...

and you know it would be great if you know the system better than me rather than telling i did something wrong ..
to give an idea of where to look i'm not lost in linux i have used it for a long time ... however... very simple things in linux seem to matter a lot

So ... maybe i should ask, what would cause that to happen ?

i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: NFtables systemd file or something ?? permissions somewh

#6 Post by Head_on_a_Stick »

cryptoa wrote:i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..
I have just tried my own custom live image[1] (which is based on Debian stretch and fully updated as of yesterday) and the firewall is working fine there:

https://scrot.moe/image/6pIqh

Perhaps it is not Debian that is at fault here?

Does `nft list ruleset` produce any output in your systems?

[1] https://forums.bunsenlabs.org/viewtopic.php?id=4334
deadbang

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#7 Post by Capitain_Jack »

Head_on_a_Stick wrote:
cryptoa wrote:i have the same issue running from a live setup .... which is A pure untouched Debian ... so i'm not sure that is the issue..
I have just tried my own custom live image[1] (which is based on Debian stretch and fully updated as of yesterday) and the firewall is working fine there:

https://scrot.moe/image/6pIqh

Perhaps it is not Debian that is at fault here?

Does `nft list ruleset` produce any output in your systems?

[1] https://forums.bunsenlabs.org/viewtopic.php?id=4334
I'm sorry Head_on_a_Stick, you're not being clear and less helpful, simply pasting the link DO NOT help if you don't explain why.

Being such a closed mind into Debian world should be shameful...
https://wiki.debian.org/Derivatives

SparkyLinux, in case you missed it, have all three flavors, so the only mistake cryptoa was the sparky repo version you added.

Start over and change the version of that repository and every thing will be fine, as suggested by our not so helpful collage link, you cannot mix Debian flavors (stable, testing, unstable), that's when problems occur.

https://sparkylinux.org/wiki/doku.php/repository

The wiki doesn't show the unstable repo because it's meant for advanced users, but as you can notice, simply change the version name after the repo address and package priority.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: NFtables systemd file or something ?? permissions somewh

#8 Post by bw123 »

...when i made the switch a few months ago the above commands worked just fine... granted i don't know systemd very well and should probably read over the manual ....
When you made what switch? I know systemd is tough to understand, I struggle a lot with it. reading over the manual is going to take awhile, so I think cheat sheets are good. There are some good basic helpful links on the forum here about it, many posted by HOAS. Searching with the box, or searching previous posts by HOAS has been helpful to me.

Why haven't you checked
'# systemctl status whatever.service'

?

About the sparkylinux repo thing, well enlightnemnet is in debian repos isn't it? What would you want to mix the two? I really am a true believer that a person should be able to do whatever they want on their computer, but the advice is really plain:
Ubuntu, Mint or other derivative repositories are not compatible with Debian!
resigned by AI ChatGPT

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#9 Post by Capitain_Jack »

bw123 wrote: About the sparkylinux repo thing, well enlightnemnet is in debian repos isn't it? What would you want to mix the two? I really am a true believer that a person should be able to do whatever they want on their computer, but the advice is really plain:
Ubuntu, Mint or other derivative repositories are not compatible with Debian!

How can you say that??

daniel@zionsparkyx64:~$ cat /etc/apt/sources.list
deb http://ftp.debian.org/debian/ testing main contrib non-free
deb-src http://ftp.debian.org/debian/ testing main contrib non-free
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
deb http://www.deb-multimedia.org/ testing non-free main


##
##
## Other repos can be found in /etc/apt/sources.list.d directory ##

daniel@zionsparkyx64:/etc/apt/sources.list.d$ ls
google-chrome.list liquorix.list sid.list sparky-dde.list sparky-testing.list sparky-unstable.list teamviewer.list teamviewer.list.dpkg-old
daniel@zionsparkyx64:/etc/apt/sources.list.d$ cat sparky-testing.list
### sparky testing repository
### used as default by all sparky editions
deb https://sparkylinux.org/repo/ testing main
deb-src https://sparkylinux.org/repo/ testing main


OMG how is possible that I'm using as main repo Debian and also sparkylinux as secondary one?? Here is why:
"...It has been built on the “testing” branch of Debian GNU/Linux..."
"...A common, but not unique pattern for derivatives is that of reusing/rebuilding most of the official Debian packages and adding some custom packages of their own...."

https://sparkylinux.org/wiki/doku.php/about

https://wiki.debian.org/Derivatives
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#10 Post by Capitain_Jack »

bw123 wrote:...well enlightnemnet is in debian repos isn't it?... ]


"...Debian

Enlightenment and EFL Debian official packages are outdated.

Two ways are possible : install from the sources, or install from the debian experimental repository.

To start Enlightenment, see the run-time requirements below....

https://www.enlightenment.org/docs/distros/debian-start

"...You have searched for packages that names contain enlightenment in all suites, all sections, and all architectures. Found 4 matching packages.
Exact hits
Package enlightenment

experimental (rc-buggy) (x11): X11 window manager based on EFL
0.22.1-2: amd64 armel i386 mips mips64el mipsel powerpc ppc64 ppc64el
0.21.5-1: arm64..."

https://packages.debian.org/search?keyw ... ightenment
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: NFtables systemd file or something ?? permissions somewh

#11 Post by bw123 »

sorry, I must be mistaken about enlightenment, or efl.

I was looking at this:
https://packages.debian.org/stretch/e17
resigned by AI ChatGPT

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#12 Post by Capitain_Jack »

Ubuntu, Mint or other derivative repositories are not compatible with Debian!
[/quote]

Forgot to mention what was said before, and what this apply to:
"...For example, installing packages from buster on a stretch system could also install newer versions of core libraries including libc6. This results in a system that is not testing or stable but a broken mix of the two..."

Ubuntu is a rebuild of Debian, so does have it's own main repo, not a direct derivation like sparkylinux or others distros can be, but in genneral, what that means is: don't mix flavors. If your derivation Debian uses Debian repos as main ones, than most likely it only have extra programs or packages, using Debian as base, so you just keep the same flavor, stable, testing or unstable.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#13 Post by Capitain_Jack »

"Don't blindly follow bad advice...
...It's better to take the time to figure out the correct way to do something first than spending even more time fixing a broken system later. You would not let some random stranger feed your baby; do not execute commands without first understanding what they do..."

This is the most important advice.
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

cryptoa
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

#14 Post by cryptoa »

well i have done a reinstall of Debian pure ..

here is no extras repos ... and same issue ...

So now then .... where do i start to track the problem ??

also it should be noted that .... i do not use Ubuntu repos .. Sparky is Debian ... and i am using the stable.

arochester
Emeritus
Emeritus
Posts: 2435
Joined: 2010-12-07 19:55
Has thanked: 14 times
Been thanked: 54 times

Re: NFtables systemd file or something ?? permissions somewh

#15 Post by arochester »

Sparky is Debian
No.

Start with Debian.
Add some things.
Take away some things.
Change some things.
End up with XYZ Linux.

XYZ Linux is not Debian.

Debian is the thing you started with...

cryptoa
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something [SOLVED]

#16 Post by cryptoa »

listen i did a full reinstall ... using a debain disk ..... pure ... i have done nothing except removed iptables and replaced with nftables ..

i have not touched the debain setup ither than what i have lited here ..

Code: Select all

. 
 100 /var/lib/dpkg/status
     release a=now
 500 http://mirror.it.ubc.ca/debian stretch-updates/main amd64 Packages
     release o=Debian,a=stable-updates,n=stretch-updates,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
 500 http://security.debian.org/debian-security stretch/updates/contrib amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=contrib,b=amd64
     origin security.debian.org
 500 http://security.debian.org/debian-security stretch/updates/main amd64 Packages
     release v=9,o=Debian,a=stable,n=stretch,l=Debian-Security,c=main,b=amd64
     origin security.debian.org
 500 http://mirror.it.ubc.ca/debian stretch/main amd64 Packages
     release v=9.3,o=Debian,a=stable,n=stretch,l=Debian,c=main,b=amd64
     origin mirror.it.ubc.ca
Pinned packages:

Code: Select all

-- Logs begin at Fri 2017-12-15 11:38:55 PST, end at Fri 2017-12-15 12:02:39 PST
Dec 15 11:38:55 node-V systemd[1]: Starting nftables...
Dec 15 11:38:55 node-V systemd[1]: Started nftables.

su -c "systemctl status nftables"
Password: 
● nftables.service - nftables
   Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset:
   Active: active (exited) since Fri 2017-12-15 11:38:55 PST; 34min ago
     Docs: man:nft(8)
           http://wiki.nftables.org
 Main PID: 398 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/nftables.service

Dec 15 11:38:55 node-V systemd[1]: Starting nftables...
Dec 15 11:38:55 node-V systemd[1]: Started nftables.

So the question is why is it quitting? and actually i did a top | grep nftables and with nft .... and it never was in the list at all ... i'm not sure if you can pipe top like that .... but it looked like you could when i tried with a program that was working properly .
Last edited by cryptoa on 2017-12-15 21:52, edited 1 time in total.

User avatar
Capitain_Jack
Posts: 153
Joined: 2017-12-15 12:07
Location: Brazil capital, Brasilia, At the favela.

Re: NFtables systemd file or something ?? permissions somewh

#17 Post by Capitain_Jack »

arochester wrote:
Sparky is Debian
No.

Start with Debian.
Add some things.
Take away some things.
Change some things.
End up with XYZ Linux.

XYZ Linux is not Debian.

Debian is the thing you started with...
Sparkylinux base is Debian non-free Sr., or haven't you read what I just posted?
"Great spirits have always encountered violent opposition from mediocre minds."
Albert Einstein
"All wrong-doing arises because of mind. If mind is transformed can wrong-doing remain?"
Buddha

cryptoa
Posts: 44
Joined: 2014-01-03 21:35

Re: NFtables systemd file or something ?? permissions somewh

#18 Post by cryptoa »

If you'll notice i did a full reinstall .... there is NO anything other than the Debian disk ..

it would be great if you would read what i type before responding with invalid help ..

uname -a

Linux node-V 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux

Anyway i have resoled the issue .... now I'm not sure why the process is hidden, but it is loading just not in the tasks list .. it would have been great if someone could have just told me that...
and before someone says it .... yes i am viewing all tasks ... i did it as root as well .... and nft in not listed anywhere in processes ... which is why i was saying it was broken in the first place


is there a way to see hidden tasks?
Last edited by cryptoa on 2017-12-15 21:50, edited 1 time in total.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: NFtables systemd file or something ?? permissions somewh

#19 Post by Head_on_a_Stick »

cryptoa wrote:it would be great if you would read what i type before responding with invalid help ..
+1 :roll:

Does `nft list ruleset` produce any output at all?

As I have said several times, nftables works fine for me with Debian stretch.
deadbang

arochester
Emeritus
Emeritus
Posts: 2435
Joined: 2010-12-07 19:55
Has thanked: 14 times
Been thanked: 54 times

Re: NFtables systemd file or something ?? permissions somewh

#20 Post by arochester »

Sparkylinux base is Debian non-free
Sparky Linux may be "based" on Debian.

About 130 distros are "based" on Debian

It is NOT Debian.

That is why it is called Sparky Linux and it is not called Debian.

Post Reply