Tue, 25 Apr 2023 at 13:32, Bonno Bloksma <[email protected]>:
> > Debian's nftables package includes a systemd service to run nftables. You
> > might want to run systemctl status nftables first and then enable and
> > start the service.
> Unfortunately nft is not a service. Trying the service command with nft gives
> an error.
> linbookwormtest:~# service nft status
> Unit nft.service could not be found.
> linbookwormtest:~#
$ sudo systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; disabled;
vendor preset: enabled)
Active: inactive (dead)
Docs: man:nft(8)
http://wiki.nftables.org
This is not a true service, but only a loader for the /etc/nftables.conf rules
at boot, if enabled.
> Also trying command completion with nft, or even nf, shows no results.
> Using just the n for completion gives just the networking service.
nftables: /usr/sbin/nft
This is a package, which may or may not be installed.
And, if you use 'su' command, please use it right:
su -
> > I wonder how you used iptables? I always used a script for that but I had
> > to run it too for changes...
> I always had a script too. I had it hooked in /etc/network/interfaces via
> either a pre-up or post-up rule, depending on whether there was a fixed ip or a
> dhcp line in the interfaces file.
> A default Debian install has an executable /etc/nftables.conf file. If
> nothing is looking at that file, then what is the "normal" way to start the
> firewall?
See above.
> Do I hook it up via one of the old /etc/init.d/ scripts? Do I create a script
> in one of the /etc/rc?.d/ directories?
No. You may write some scripts in /etc/network subdirs, if you REALLY
need custom rules at interface up or down.
> Is this a bug?
No. But the docs need to be read.
/usr/share/doc/nftables/README.Debian is a good starting point.
--
Stanislav
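The Debian workflow described in the reply above (rules live in /etc/nftables.conf, nftables.service loads them at boot once enabled), as an added example that is not part of the thread and not Debian's own code. It assumes Debian's nftables layout: nft at /usr/sbin/nft, a config file starting with the `#!/usr/sbin/nft -f` shebang, and a unit named nftables.service. The ruleset, the file path and the function names are constructed for the example; the ruleset is a minimal default-deny input policy that a practitioner would adapt before use.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Debian's nftables package:
# /usr/sbin/nft, /etc/nftables.conf loaded by nftables.service at boot.
set -eu

# Write a minimal stateful default-deny ruleset to the path given as $1.
# Only loopback, established/related traffic, ICMP and SSH are accepted.
# The shebang matches Debian's shipped /etc/nftables.conf, and the file is
# made executable so it can also be run directly as "nft -f" would.
write_ruleset() {
cat > "$1" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept
    tcp dport 22 accept
  }
  chain forward { type filter hook forward priority 0; policy drop; }
  chain output { type filter hook output priority 0; policy accept; }
}
EOF
  chmod 0755 "$1"
}

# Syntax-check the file without loading it into the kernel (nft -c).
# Returns nft's own status (0 = parses), or 2 when nft is not installed so a
# caller can distinguish "not checked" from "rejected by nft".
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    nft -c -f "$1"
  else
    return 2
  fi
}

# Count base chains (lines declaring a hook) that state no explicit policy.
# A missing policy silently defaults to accept, which is the usual mistake
# in a hand-written default-deny ruleset; the sample above yields 0.
chains_without_policy() {
  grep 'hook' "$1" | grep -vc 'policy' || true
}

# Validate the config, then let the Debian unit load it now and at every boot.
# Needs root; refuses to enable the unit if the file does not parse.
install_ruleset() {
  conf=/etc/nftables.conf            # path used by Debian's nftables.service
  write_ruleset "$conf"
  check_ruleset "$conf"
  systemctl enable --now nftables.service
  systemctl status nftables.service --no-pager
}

# Stand-alone usage: "sh nft-bootstrap.sh install" (as root). With no
# argument the script only defines the functions above.
if [ "${1:-}" = "install" ]; then
  install_ruleset
fi
```

Per-interface rules, as the reply notes, belong in a hook under /etc/network (for example a script in /etc/network/if-up.d/) rather than in an rc?.d script; the base ruleset above stays in /etc/nftables.conf so that `systemctl status nftables` reports it as active after boot.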