Re: is nft running? how do I get info?
Tue, 25 Apr 2023 at 13:32, Bonno Bloksma <b.bloksma@tio.nl>:
> > Debian's nftables package includes a systemd service to run nftables. You might want to run systemctl status nftables first and then enable and start the service.
> Unfortunately nft is not a service. Trying the service command with nft gives an error.
> linbookwormtest:~# service nft status
> Unit nft.service could not be found.
> linbookwormtest:~#
$ sudo systemctl status nftables.service
● nftables.service - nftables
     Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:nft(8)
             http://wiki.nftables.org
This is not a true service, but only a loader for /etc/nftables.conf rules
at boot, if enabled.
> Also trying command completion with the nft, or even nf, shows no results. Using just the n for completion gives just the networking service.
nftables: /usr/sbin/nft
This is a package, which can be installed or not.
And, if you use the 'su' command, please use it right:
su -
> > I wonder how you used iptables? I always used a script for that but I had to run it too for changes...
> I always had a script too. I had it hooked in /etc/network/interfaces via either a pre-up or post-up rule depending if there was a fixed ip or a dhcp line in the interfaces file.
> A default Debian install has an executable /etc/nftables.conf file. If nothing is looking at that file then what is the "normal" way to start the firewall?
see above
> Do I hook it up via one of the old /etc/init.d/ scripts? Do I create a script in one of the /etc/rc?.d/ directories?
No. You may write some scripts in /etc/network subdirs, if you REALLY
need custom rules at interface up or down.
> Is this a bug?
No. But docs need to be read.
/usr/share/doc/nftables/README.Debian - good starting point.
--
Stanislav
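
Added example, not part of the original message: since nftables.service is only a loader for /etc/nftables.conf, the unit's status does not show what is currently in the kernel ruleset, so this check combines `systemctl is-enabled nftables.service` with `nft list ruleset`. The function name `nft_state` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: is a ruleset filtering now, and will it be loaded at boot?

# Constructed sample of `nft list ruleset` output (not taken from the thread).
SAMPLE_RULESET='table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
	}
}'

# nft_state ENABLED RULESET
#   ENABLED: text printed by `systemctl is-enabled nftables.service`
#   RULESET: text printed by `nft list ruleset`
# Prints one line: "<now>/<boot> tables=N hooks=M"
nft_state() {
    enabled=$1
    ruleset=$2
    # Count tables and base chains; only chains attached to a hook see packets.
    counts=$(printf '%s\n' "$ruleset" | awk '
        /^table /                     { t++ }
        /type [a-z]+ hook [a-z]+/     { h++ }
        END { printf "tables=%d hooks=%d", t, h }')
    case $counts in
        *"hooks=0") now=not-filtering ;;
        *)          now=filtering ;;
    esac
    # Anything other than "enabled" means the loader will not run at boot.
    case $enabled in
        enabled) boot=loaded-at-boot ;;
        *)       boot=not-loaded-at-boot ;;
    esac
    printf '%s/%s %s\n' "$now" "$boot" "$counts"
}

if [ "${1:-}" = "--live" ]; then
    # Query the running system; `nft list ruleset` needs root.
    nft_state "$(systemctl is-enabled nftables.service 2>/dev/null || true)" \
              "$(nft list ruleset 2>/dev/null || true)"
else
    # Default: classify the constructed sample with the unit disabled.
    nft_state disabled "$SAMPLE_RULESET"
fi
```

A result of `filtering/not-loaded-at-boot` means rules were loaded by hand and will be gone after a reboot unless the unit is enabled.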