Bonno Bloksma wrote:
> Hi,
>
> After years of using ipchains and later iptables as firewall I am now trying
> to use nft. :-)
>
> I thought I understood it all and as far as I know I have a working config.
> But just trying to get a listing of the running config shows NOTHING.
> linbookwormtest:~# nft list ruleset
> linbookwormtest:~#

That says that you have no firewall set up. All Linux kernel firewalls are
implemented via nft, even if you are using iptables or ufw or some other
system.

> There is nothing in the journal about nft
> linbookwormtest:~# journalctl -t nft
> -- Journal begins at Mon 2023-03-27 13:07:50 CEST, ends at Mon 2023-04-24
> 12:18:07 CEST. --
> -- No entries --

Try this:

$ lsmod | grep nft

I get:

nft_chain_nat          16384  3
nf_nat                 57344  2 nft_chain_nat,xt_MASQUERADE
nft_compat             20480  25
x_tables               53248  13 xt_conntrack,nft_compat,xt_multiport,xt_state,xt_tcpudp,xt_tcpmss,xt_addrtype,xt_CHECKSUM,xt_recent,xt_set,ipt_REJECT,xt_MASQUERADE,ip6t_REJECT
nft_counter            16384  52
nf_tables             253952  153 nft_compat,nft_counter,nft_chain_nat
nfnetlink              20480  5 nft_compat,nf_conntrack_netlink,nf_tables,ip_set

> So nothing, not even a warning or an error. So how do I know if nft is
> running at all? I am guessing it does NOT run because.....
> Even using just the default ruleset in /etc/nftables.conf shows nothing in
> the logs. It should at least show something right?

It's not a matter of running, it's a matter of whether rules have been loaded.

> Now whether I have those SSH lines enabled or disable them makes no
> difference, I can still logon using ssh. :-(
>
> How, how do I continue? It isn't even working on a clean install of Debian
> bookworm with the default config file.

Try:

# nft -f /etc/nftables.conf
# nft list ruleset

I suspect you just don't have anything loading the rules.

-dsr-
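An added check script, not from either poster, that turns the reply's diagnosis into something repeatable: it tests whether a ruleset is actually loaded (rather than whether "nft runs"), syntax-checks and loads /etc/nftables.conf when nothing is loaded, and counts base chains, since a table with no hooked chain filters nothing. The service name nftables.service as the unit that loads that file at boot is an assumption about Debian's packaging, not something stated in the thread.

```shell
#!/bin/sh
# Example check script (not from the mailing-list thread).
# Distinguishes "nf_tables is in the kernel" from "rules are loaded".
NFT_CONF="${NFT_CONF:-/etc/nftables.conf}"

# True when the ruleset text has no tables at all, which is exactly what
# an empty "nft list ruleset" looks like (no output whatsoever).
ruleset_is_empty() {
    ! printf '%s\n' "$1" | grep -q '^table '
}

# Count base chains, i.e. chains attached to a netfilter hook. A table
# whose chains have no hook never sees a packet, so its rules are inert.
count_base_chains() {
    printf '%s\n' "$1" | grep -c 'type [a-z]* hook [a-z]* ' || true
}

# True when some chain hooks the input path (where an SSH rule must live).
has_input_hook() {
    printf '%s\n' "$1" | grep -q 'hook input'
}

# Live check against the running kernel; needs root.
live_check() {
    running="$(nft list ruleset)"
    if ruleset_is_empty "$running"; then
        echo "No rules loaded: nf_tables is present but holds no tables."
        echo "Syntax-checking ${NFT_CONF} without applying it:"
        nft -c -f "$NFT_CONF" || return 1
        echo "Loading ${NFT_CONF}:"
        nft -f "$NFT_CONF"
        running="$(nft list ruleset)"
    fi
    echo "Base chains hooked: $(count_base_chains "$running")"
    has_input_hook "$running" || echo "Warning: no chain hooks input; SSH rules cannot match."
    # Assumption: on Debian, nftables.service loads the file at boot.
    systemctl is-enabled nftables >/dev/null 2>&1 \
        || echo "nftables.service is not enabled; rules will not survive a reboot."
}

# Only touch the live system when asked explicitly: sudo sh nft-check.sh live
if [ "${1:-}" = "live" ]; then
    live_check
fi
```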

