further nftables woes

[elaphecarinata]

So on a vanilla Debian Buster I have nftables firewall running without issue. nftables v0.9.0 (Fearless Fosdick)

I also have the firewall working on a Linux Mint system, nftables v0.8.2 (Joe Btfsplk).

I am now trying to setup the firewall on a Raspbian system, Linux raspberrypi 5.4.40-v7l+ #1316 SMP Tue May 12 13:10:42 BST 2020 armv7l GNU/Linux, with nftables v0.9.0 (Fearless Fosdick). The service won't even start with anything in the nftables.conf file, giving errors like: /etc/nftables.conf:2:1-14: Error: Could not process rule: Operation not supported flush ruleset, when running sudo nft -c -f /etc/nftables.conf.

The same happens if I start the service with nothing in the .conf file and then try an interactive session:

create table ip mytable
Error: Could not process rule: Operation not supported
create table ip mytable
^^^^^^^^^^^^^^^^^^^^^^^^

How can I resolve this issue?

With nothing in the .conf file nftables starts up fine:

systemctl status nftables
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2020-05-15 15:50:03 BST; 1min 40s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 1986 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Main PID: 1986 (code=exited, status=0/SUCCESS)

May 15 15:50:03 raspberrypi systemd[1]: Starting nftables...
May 15 15:50:03 raspberrypi systemd[1]: Started nftables.

I am at the limit of my knowledge and could do with a pointer to fix the errors and move forward. Nftables was installed using apt from the raspbian repository

[elaphecarinata]

Update:

I have found that I am missing the relevant kernel modules (specifically nf_tables.ko and the relevant nft_*.ko) from /lib/modules/5.4.40-v7l+/kernel/net/netfilter

So I am further forwards than I was

[Head_on_a_Stick]

I am now trying to setup the firewall on a Raspbian system

That is not supported here.

https://www.raspberrypi.org/forums/