Re: is nft running? how do I get info?
Bonno Bloksma wrote:
> Hi,
>
> After years of using ipchains and later iptables as firewall I am now trying to use nft. :-)
>
> I thought I understood it all and as far as I know I have a working config. But just trying to get a listing of the running config shows NOTHING.
> linbookwormtest:~# nft list ruleset
> linbookwormtest:~#
That says that you have no firewall set up.
All Linux kernel firewalls are implemented via nft, even if you are
using iptables or ufw or some other system.
>
> There is nothing in the journal about nft
> linbookwormtest:~# journalctl -t nft
> -- Journal begins at Mon 2023-03-27 13:07:50 CEST, ends at Mon 2023-04-24 12:18:07 CEST. --
> -- No entries --
Try this:
$ lsmod | grep nft
I get:
nft_chain_nat 16384 3
nf_nat 57344 2 nft_chain_nat,xt_MASQUERADE
nft_compat 20480 25
x_tables 53248 13 xt_conntrack,nft_compat,xt_multiport,xt_state,xt_tcpudp,xt_tcpmss,xt_addrtype,xt_CHECKSUM,xt_recent,xt_set,ipt_REJECT,xt_MASQUERADE,ip6t_REJECT
nft_counter 16384 52
nf_tables 253952 153 nft_compat,nft_counter,nft_chain_nat
nfnetlink 20480 5 nft_compat,nf_conntrack_netlink,nf_tables,ip_set
> So nothing, not even a warning or an error. So how do I know if nft is running at all? I am guessing it does NOT run because.....
> Even using just the default ruleset in /etc/nftables.conf shows nothing in the logs. It should at least show something right?
It's not a matter of running, it's a matter of whether rules
have been loaded.
> Now whether I have those SSH lines enabled or disable them makes no difference, I can still logon using ssh. :-(
>
> How, how do I continue? It isn't even working on a clean install of Debian bookworm with the default config file.
Try:
# nft -f /etc/nftables.conf
# nft list ruleset
I suspect you just don't have anything loading the rules.
-dsr-
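A small diagnostic script for the situation discussed above, added here as an example and not part of the thread: it turns the "empty listing" symptom into a count of tables, chains and rules, and, when run as root on a real host, loads /etc/nftables.conf (the path from the thread) if nothing is loaded yet. The function names `ruleset_summary` and `check_firewall` are my own.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# ruleset_summary: reads `nft list ruleset` text on stdin and prints
# "tables=N chains=N rules=N". An empty listing means no rules are loaded;
# "rules=0" with chains present means a config loaded but filters nothing.
ruleset_summary() {
    awk '
        /^table /                         { tables++ }
        /^[[:space:]]+chain /             { chains++; depth = 2; next }
        # rule lines sit inside a chain and are not the type/hook/policy line
        depth == 2 && /^[[:space:]]+[^[:space:]}]/ && !/^[[:space:]]+type / { rules++ }
        # a line holding only "}" closes the chain block
        /^[[:space:]]*}[[:space:]]*$/     { if (depth == 2) depth = 1 }
        END { printf "tables=%d chains=%d rules=%d\n", tables, chains, rules }
    '
}

# check_firewall: the checks from the reply, in order. Needs root and nft.
check_firewall() {
    conf="${1:-/etc/nftables.conf}"
    # nf_tables may be built into the kernel rather than a module, so a
    # missing lsmod entry is a hint, not proof that nftables is unavailable.
    if ! lsmod | grep -q '^nf_tables'; then
        echo "note: nf_tables not listed by lsmod (module not loaded, or built in)"
    fi
    listing=$(nft list ruleset) || { echo "nft list ruleset failed (run as root?)"; return 1; }
    if [ -z "$listing" ]; then
        echo "no ruleset loaded; loading $conf"
        nft -f "$conf" || return 1
        listing=$(nft list ruleset)
    fi
    printf '%s\n' "$listing" | ruleset_summary
}

# Run the live check only when asked explicitly: sh thisfile.sh --run
if [ "${1-}" = "--run" ]; then
    check_firewall "${2-}"
fi
```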