Hello,
On 24.10.2023 at 16:19, Henggi wrote:
...
As I mentioned in my 1st email, I think (afaik) that no other netfilter
module/service is running.
My anecdote was intended to illustrate that beliefs are not really good
tools to diagnose problems ;-)
root@server:~# systemctl status firewalld
Unit firewalld.service could not be found.
Ok, so whatever it is, it's not firewalld managed on the local host.
What does
nft list ruleset
show?
(Unfortunately, this is all I know about netfilter diagnostics... and I
couldn't even get this far without an internet search engine :-)
However, then there are kernel modules loaded when looking for "net OR filter
OR fire OR ip" as follows (which I assume are just loaded as part of the
default base system but not doing anything - how to be sure of it):
root@server:~# lsmod |egrep -i "net|filter|fire|ip"
inet_diag 28672 1 tcp_diag
iptable_nat 16384 0
nf_nat 49152 1 iptable_nat
iptable_filter 16384 0
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
nfnetlink 20480 1 nf_tables
ip_tables 32768 2 iptable_filter,iptable_nat
x_tables 53248 3 iptable_filter,ip_tables,iptable_nat
ipv6 557056 20
Just for reference:
# lsmod | grep -E '^nf' | wc -l
34
so there may be a lot more, which your grep filter hid from you.
I'm also noticing that fwbuilder, my tool of choice, seems to be
scratching on the borderline between "stable" and "legacy"...
Cheers,
Arno
--
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
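
Added example, not part of the original message: in the filtered lsmod listing quoted above, the "Used by" column names nf_conntrack and nf_tables although neither has a row of its own, so both are loaded but were dropped by the grep. The sketch below recovers such modules from filtered output and shows a filter anchored on the module name instead. The function names and the prefix list are assumptions made for illustration; the prefix list is a heuristic, not exhaustive.

```bash
#!/usr/bin/env bash
# Sample input: the filtered lsmod rows quoted in the message above.
SAMPLE='inet_diag 28672 1 tcp_diag
iptable_nat 16384 0
nf_nat 49152 1 iptable_nat
iptable_filter 16384 0
nf_defrag_ipv6 20480 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
nfnetlink 20480 1 nf_tables
ip_tables 32768 2 iptable_filter,iptable_nat
x_tables 53248 3 iptable_filter,ip_tables,iptable_nat
ipv6 557056 20'

# hidden_modules (hypothetical helper): read lsmod-format rows on stdin and
# print every module that is named in a "Used by" column but has no row of
# its own, i.e. a loaded module that an earlier filter removed from view.
hidden_modules() {
  awk '
    $1 == "Module" { next }            # skip the lsmod header if present
    { listed[$1] = 1 }                 # column 1 is the module name
    NF >= 4 {                          # column 4 is the comma-separated user list
      n = split($4, users, ",")
      for (i = 1; i <= n; i++) if (users[i] != "") used[users[i]] = 1
    }
    END { for (m in used) if (!(m in listed)) print m }
  ' | LC_ALL=C sort
}

# netfilter_rows (hypothetical helper): keep rows whose module NAME matches a
# netfilter-style prefix. Matching column 1 only avoids hits that come from
# the "Used by" column, which is how nf_nat got into the listing above.
netfilter_rows() {
  awk '$1 ~ /^(nf_|nft_|nfnetlink|xt_|x_tables|ip_tables|ip6_tables|iptable_|ip6table_|ebtable|arp_?table)/'
}

# Demo on the sample; on a live host use:  lsmod | netfilter_rows
printf '%s\n' "$SAMPLE" | hidden_modules
printf '%s\n' "$SAMPLE" | netfilter_rows
```

Whether any of these modules is actually filtering traffic is a separate question that the loaded-module list does not answer; that is what the `nft list ruleset` output asked for above would show.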