[EDIT] Another question about nftables

ticojohn
Posts: 1284
Joined: 2009-08-29 18:10
Location: Costa Rica
Has thanked: 21 times
Been thanked: 44 times

[EDIT] Another question about nftables

#1 Post by ticojohn »

I have seen a lot of discussions about nftables and there are many responses that have suggestions for the nftables.conf file. My question is this: Is the standard nftables.conf file that is included in the distribution (/etc/nftables.conf) not sufficient for most home workstations?
For reference, this is the file:

Code:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority 0;
	}
	chain forward {
		type filter hook forward priority 0;
	}
	chain output {
		type filter hook output priority 0;
	}
}
EDIT: I should add that I am using Bullseye, but I suspect that previous versions of Debian included that config file.
Also, I should add that nftables is NOT enabled nor started by default, but it is trivial to enable and start the service.
As root:

Code:

# systemctl enable nftables
# systemctl start nftables
You can verify status, either as user:

Code:

$ systemctl status nftables
or as root:

Code:

# systemctl status nftables
Last edited by ticojohn on 2022-05-22 20:19, edited 2 times in total.
I am not irrational, I'm just quantum probabilistic.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Another question about nftables

#2 Post by Head_on_a_Stick »

Those rules allow anything. They place no restrictions on traffic.

viewtopic.php?p=754358#p754358 shows how to enable a more restrictive firewall and explains why it might be needed.
deadbang
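To make the point in the reply above concrete: an nftables base chain with no `policy` statement uses `accept`, so the stock file's three empty chains accept every packet. The following audit script is an added example for this thread, not code from either poster or from the nftables project. It contains a small line-based parser for the subset of nft syntax seen here (table and chain blocks, `type ... hook ...` and `policy ...` statements) and flags inbound-facing base chains that are effectively wide open. The stock configuration is embedded as quoted in the first post; the restrictive ruleset beside it is a constructed workstation example that assumes the host exposes no network services (the forum link HOAS cites is not reproduced here).

```python
"""Audit nftables rulesets for base chains that accept everything.

Added example: a minimal parser for the subset of nft syntax used in the
thread (not a general nft grammar), plus a check for inbound-facing base
chains whose effective policy is accept and which carry no rules.
"""
import re

# Debian's stock /etc/nftables.conf as quoted in the thread: three base
# chains, no policy statement, no rules.
DEFAULT_CONF = """\
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
}
"""

# Constructed restrictive workstation ruleset (assumption: no services need
# to be reachable from the network; outbound traffic is left open).
RESTRICTIVE_CONF = """\
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
"""

TABLE_RE = re.compile(r"^table\s+(\w+)\s+(\w+)\s*\{")
CHAIN_RE = re.compile(r"^chain\s+(\w+)\s*\{")
HOOK_RE = re.compile(r"\btype\s+\w+\s+hook\s+(\w+)\b")
POLICY_RE = re.compile(r"\bpolicy\s+(accept|drop)\b")


def parse_base_chains(conf):
    """Return one dict per base chain: table, chain, hook, policy, rules.

    `policy` is None when the chain states none; nftables then uses accept.
    """
    chains, table, chain = [], None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops comments and the shebang
        if not line:
            continue
        if m := TABLE_RE.match(line):
            table = f"{m.group(1)} {m.group(2)}"
        elif (m := CHAIN_RE.match(line)) and table:
            chain = {"table": table, "chain": m.group(1), "hook": None,
                     "policy": None, "rules": 0}
            chains.append(chain)
        elif line == "}":
            chain = None                       # closes a chain or the table
        elif chain is not None:
            hook, pol = HOOK_RE.search(line), POLICY_RE.search(line)
            if hook:
                chain["hook"] = hook.group(1)
            if pol:
                chain["policy"] = pol.group(1)
            if not hook and not pol:
                chain["rules"] += 1            # anything else is a rule
    return [c for c in chains if c["hook"]]    # base chains only


def effective_policy(chain):
    return chain["policy"] or "accept"


def wide_open_chains(conf, hooks=("input", "forward")):
    """Names of inbound-facing base chains that accept unconditionally."""
    return [c["chain"] for c in parse_base_chains(conf)
            if c["hook"] in hooks and effective_policy(c) == "accept"
            and c["rules"] == 0]


def audit(conf):
    """Human-readable summary, one line per base chain."""
    open_chains = set(wide_open_chains(conf))
    out = []
    for c in parse_base_chains(conf):
        flag = "OPEN" if c["chain"] in open_chains else "ok  "
        implicit = "" if c["policy"] else " (implicit)"
        out.append(f"{flag} {c['table']} {c['chain']:<8} hook={c['hook']:<8} "
                   f"policy={effective_policy(c)}{implicit} rules={c['rules']}")
    return "\n".join(out)


if __name__ == "__main__":
    print("stock /etc/nftables.conf:\n" + audit(DEFAULT_CONF))
    print("\nrestrictive example:\n" + audit(RESTRICTIVE_CONF))
```

Running the script marks `input` and `forward` in the stock file as OPEN with an implicit accept policy, while the restrictive ruleset shows `input` and `forward` dropping by default with the loopback, conntrack and ICMP exceptions counted as rules. Before loading a modified file for real, `nft -c -f /etc/nftables.conf` checks the syntax without touching the live ruleset, and `nft list ruleset` afterwards shows the chains with their policies as the kernel sees them.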

ticojohn
Posts: 1284
Joined: 2009-08-29 18:10
Location: Costa Rica
Has thanked: 21 times
Been thanked: 44 times

Re: Another question about nftables

#3 Post by ticojohn »

Head_on_a_Stick wrote: 2022-05-22 20:13 Those rules allow anything. They place no restrictions on traffic.

viewtopic.php?p=754358#p754358 shows how to enable a more restrictive firewall and explains why it might be needed.
Thanks HOAS. I will apply the suggested changes.
I am not irrational, I'm just quantum probabilistic.
