#1 2014-09-27 20:14:38

Ochi
Member
Registered: 2010-04-06
Posts: 47

[SOLVED] Default nftables.conf does nothing?

Hello,

I'm currently playing around with nftables (Kernel 3.16.3-1, nftables 1:0.3-3). I noticed that loading /etc/nftables.conf which comes with the nftables package either by using

> systemctl start nftables

or

> nft -f /etc/nftables.conf

does nothing, as it seems. It does not give an error but trying to list the currently loaded tables using

> nft list tables

also returns an empty output. Looking at the /etc/nftables.conf file, I noticed that when I change the line

table inet filter {
...

to

table ip filter {
...

(and removing one line specific to ip6) and then reload the rules, the table seems to be added correctly:

> nft list tables
table filter

Am I overlooking something? Is "inet" still unsupported or broken? If it is not supported yet, maybe the included config file should not advertise a "Safe Firewall". But even then, why doesn't nft fail with an error?

Best regards,
Ochi

EDIT:

Never mind - I should have listed the tables using

> nft list tables inet

as "ip" is the default family.

Last edited by Ochi (2014-09-27 20:17:16)
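
The check that resolves this thread, as an added example that is not part of the original post: read the families a ruleset file declares and query each table under its own family, so a loaded `inet` table is not mistaken for a firewall that failed to load. The helper names `declared_tables` and `verify_loaded` and the `NFT` override variable are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names and the NFT override
# variable are assumptions made for this illustration.

# declared_tables FILE: print "family name" for each "table ..." block in FILE.
# A table declared without a family keyword belongs to the default family, ip.
# Only the declarative "table [family] name {" form is handled.
declared_tables() {
    awk '
        { sub(/#.*/, "") }                        # strip comments and shebang
        $1 == "table" {
            if ($2 ~ /^(ip|ip6|inet|arp|bridge|netdev)$/) { fam = $2; name = $3 }
            else { fam = "ip"; name = $2 }
            sub(/[{].*/, "", name)                # tolerate "name{"
            if (name != "") print fam, name
        }
    ' "$1"
}

# verify_loaded FILE: ask the kernel for every declared table under its own
# family. Returns 0 if all are present, 1 (and names them on stderr) otherwise.
verify_loaded() {
    missing=$(declared_tables "$1" | while read -r fam name; do
        if ! ${NFT:-nft} list table "$fam" "$name" >/dev/null 2>&1; then
            echo "$fam $name"
        fi
    done)
    if [ -z "$missing" ]; then
        return 0
    fi
    echo "declared but not loaded:" >&2
    echo "$missing" >&2
    return 1
}
```

Run as root after loading the rules, for example `verify_loaded /etc/nftables.conf`; a non-zero exit status means a declared table is absent from the kernel.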
