After using iptables for years, I'm using nftables on Debian 11 for the first time, and have encountered a weird issue which may just be due to my own lack of experience with this. FYI, I'm doing everything here as root.
I have a valid ruleset stored in the file /root/nftables/ruleset.txt .
When I run this, it works:
nft -f -
flush ruleset
include "/root/nftables/ruleset.txt"
<CTRL-D>
I then run "nft list ruleset" and get the expected results.
But when I put this in /etc/nftables.conf...
#!/usr/sbin/nft -f
flush ruleset
include "/root/nftables/ruleset.txt"
This happens...
# systemctl start nftables
Job for nftables.service failed because the control process exited with error code.
See "systemctl status nftables.service" and "journalctl -xe" for details.
# systemctl status nftables
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-10-03 16:48:55 EDT; 9s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 926 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
Main PID: 926 (code=exited, status=1/FAILURE)
CPU: 14ms
Oct 03 16:48:55 host systemd[1]: Starting nftables...
Oct 03 16:48:55 host nft[926]: /etc/nftables.conf:4:1-37: Error: File not found: /root/nftables/ruleset.txt
Oct 03 16:48:55 host nft[926]: include "/root/nftables/ruleset.txt"
Oct 03 16:48:55 host nft[926]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Oct 03 16:48:55 host systemd[1]: nftables.service: Main process exited, code=exited, status=1/FAILURE
Oct 03 16:48:55 host systemd[1]: nftables.service: Failed with result 'exit-code'.
Oct 03 16:48:55 host systemd[1]: Failed to start nftables.
Does anyone know why nft will load the included file manually but throws an error when doing it through systemd?
Thanks!
Dave
--
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him
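An added check for the situation described in the post above (example code written for this page, not something Dave posted). It assumes what the nftables.service unit shipped by Debian sets in its [Service] section, namely ProtectHome=true and ProtectSystem=full; with ProtectHome=true, systemd mounts empty, inaccessible directories over /root, /home and /run/user for that service, so an include "/root/..." that nft -f reads fine from an interactive root shell is "File not found" when the same config is loaded by the unit. The script scans a config for include directives and flags the ones that land in those hidden directories. The sample /etc/nftables.conf it scans is constructed here to mirror the post, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. Flags `include "..."` directives in an
# nftables config that point under /root, /home or /run/user, the directories that
# systemd's ProtectHome=true hides from a unit (assumption: Debian's nftables.service
# sets ProtectHome=true, check with `systemctl cat nftables`).

# nft_includes CONF: print each included path, one per line, in file order.
nft_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*$/\1/p' "$1"
}

# hidden_by_protecthome PATH: succeed if PATH lies in a directory that
# ProtectHome=true makes empty and inaccessible to the service.
hidden_by_protecthome() {
    case "$1" in
        /root|/root/*|/home|/home/*|/run/user|/run/user/*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_nft_includes CONF: print a verdict per include directive and return 1 if any
# of them would be invisible to the unit. The here-document keeps the loop in the
# current shell so the result variable survives (a pipe would run it in a subshell).
check_nft_includes() {
    conf="$1"
    bad=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if hidden_by_protecthome "$p"; then
            echo "HIDDEN  $p  (under ProtectHome=true; move it under /etc or relax the unit)"
            bad=1
        else
            echo "ok      $p"
        fi
    done <<EOF
$(nft_includes "$conf")
EOF
    return "$bad"
}

# Constructed sample config mirroring the post's /etc/nftables.conf (not the real file).
SAMPLE_CONF="${TMPDIR:-/tmp}/nftables.sample.conf"
cat > "$SAMPLE_CONF" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
include "/root/nftables/ruleset.txt"
include "/etc/nftables.d/local.nft"
EOF

check_nft_includes "$SAMPLE_CONF" || echo "at least one include will fail when loaded by nftables.service"
```

On the affected host, confirm the sandboxing with `systemctl show nftables -p ProtectHome` before trusting the verdict. The cleaner fix is to keep the included ruleset under /etc (for example /etc/nftables.d/), which ProtectSystem=full leaves readable; if it must stay under /root, a drop-in created with `systemctl edit nftables` containing `[Service]` and `ProtectHome=read-only` lets the unit read it while keeping the rest of the hardening.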