
Re: is nft running? how do I get info?



On Tue, Apr 25, 2023 at 07:58:56AM +0000, Bonno Bloksma wrote:
Hi Bonno,

> Hi Anssi,
> 
> >> There is nothing in the journal about nft
> >> linbookwormtest:~# journalctl -t nft
> >> -- Journal begins at Mon 2023-03-27 13:07:50 CEST, ends at Mon 2023-04-24 12:18:07 CEST. --
> >> -- No entries --
> 
> > Debian's nftables package includes a systemd service to run
> > nftables. You might want to run systemctl status nftables first
> > and then enable and to start the service.
> Unfortunately nft is not a service. Trying the service command with
> nft gives an error.
> linbookwormtest:~# service nft status
> Unit nft.service could not be found.
> linbookwormtest:~#

The service is named nftables. This is the name which must be applied
to enable the service and for digging in the logs. nft is used to
manage the filter. Please see 
https://www.debian.org/doc/manuals/debian-handbook/sect.firewall-packet-filtering.en.html

Just as a reference the output from my system:


# systemctl status nftables
● nftables.service - nftables
     Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
     Active: active (exited) since Tue 2023-04-25 10:28:37 CEST; 26min ago
       Docs: man:nft(8)
             http://wiki.nftables.org
    Process: 226 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
   Main PID: 226 (code=exited, status=0/SUCCESS)
        CPU: 11ms

Apr 25 10:28:37 lenovo systemd[1]: Finished nftables.
Warning: journal has been rotated since unit was started, output may be incomplete.

> Also trying command completion with the nft, or even nf, show no
> results. Using just the n for completion gives just the networking
> service.
> 
> > I wonder how you used iptables? I always used a script for that
> > but I had to run it too for changes...
> I always had a script too. I had it hooked in
> /etc/network/interfaces via either a pre-up or post-up rule
> depending if there was a fixed ip or a dhcp line in the interfaces
> file.
> 
> A default Debian install has an executable /etc/nftables.conf file.
This configuration is started by systemd with 
nft -f /etc/nftables.conf. The default file does no filtering at all.

> If nothing is looking at that file then what is the "normal" way to
> start the firewall?  Do I hook it up via one of the old /etc/init.d/
> scripts? Do I create a script in one of the /etc/rc?.d/ directories?
> I am pretty sure they don't expect every novice to start writing
> systemd service files? I don't even know where they are, I never
> touch them, too much can go wrong by not understanding how it all
> connects.  If I install dhcp it comes with default config files. If
> I change them then THAT config gets loaded.
> 
> If Debian does NOTHING with that nft config file then why is it
> there?  Is this a bug? 
Please enable the firewall by
# systemctl enable nftables.service
Then it should work.

Kind regards,
Christoph
-- 
If the cat is healthy,
it tastes good to the dog.

Attachment: signature.asc
Description: PGP signature
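As an added example (not part of the thread and not Debian's own package code): a POSIX shell script that writes a default-deny replacement for the non-filtering /etc/nftables.conf Christoph describes, syntax-checks it with nft -c -f before anything is loaded, and wraps the enable-and-verify sequence from this message. The SSH port (22), the temporary file path and the choice of rules are assumptions for illustration; the script writes to a temp file, never to /etc, so it is safe to run on any box.

```shell
#!/bin/sh
# Added example: replace Debian's default (accept-everything) nftables.conf
# with a minimal default-deny ruleset, check it, then enable the unit.
# Assumptions: SSH on tcp/22 unless overridden, output path given by caller.
set -u

# Write a default-deny ruleset to $1 (SSH port in $2, default 22).
# Same three base chains as the Debian default file, but input/forward
# now carry "policy drop", so the file actually filters.
write_hardened_conf() {
    conf="$1"
    ssh_port="${2:-22}"   # assumption: sshd listens on tcp/22
    cat > "$conf" <<EOF
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		iif "lo" accept
		ct state established,related accept
		ct state invalid drop
		ip protocol icmp accept
		ip6 nexthdr icmpv6 accept
		tcp dport $ssh_port ct state new accept
	}
	chain forward {
		type filter hook forward priority filter; policy drop;
	}
	chain output {
		type filter hook output priority filter; policy accept;
	}
}
EOF
    # Debian ships the file executable (hence the shebang); keep that.
    chmod 0755 "$conf"
}

# Parse the ruleset without loading it (nft -c). Returns nft's exit status,
# or 0 with a note when nft is not installed (e.g. run off the target host).
check_conf() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        echo "nft not found; skipping syntax check of $1" >&2
        return 0
    fi
}

# The enable-and-verify sequence from the thread, to be run as root on the
# Debian host once the checked file has been installed as /etc/nftables.conf.
# Note the log query uses -u nftables.service: the unit is nftables, not nft,
# which is why "journalctl -t nft" in the thread found no entries.
enable_firewall() {
    systemctl enable --now nftables.service &&
    systemctl status nftables.service --no-pager &&
    nft list ruleset &&
    journalctl -u nftables.service --no-pager -n 20
}

# Stand-alone run: generate and check a candidate file under TMPDIR.
example_conf="${TMPDIR:-/tmp}/nftables.conf.example"
write_hardened_conf "$example_conf"
if check_conf "$example_conf"; then
    echo "ruleset in $example_conf parses; install it as /etc/nftables.conf, then run enable_firewall as root"
fi
```

Load the file only after `nft -c -f` succeeds: a syntax error in /etc/nftables.conf makes `nft -f` exit non-zero, the oneshot unit fails, and the machine is left with whatever ruleset was loaded before (the Debian default, i.e. none). If you manage the box over SSH, open a second session before the first `systemctl enable --now` so a wrong port in the input chain cannot lock you out.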

