RE: is nft running? how do I get info?
Hi Dan,
>> I thought I understood it all and as far as I know I have a working config. But just trying to get a listing of the running config shows NOTHING.
>> linbookwormtest:~# nft list ruleset
>> linbookwormtest:~#
>
> That says that you have no firewall set up.
That was my conclusion as well. :-(
> All Linux kernel firewalls are implemented via nft, even if you are using iptables or ufw or some other system.
Ok.
> Try this:
>
> $ lsmod | grep nft
Well I get :
linbookwormtest:~# lsmod | grep nft
linbookwormtest:~#
Another NOTHING. And yes, lsmod itself does list the loaded modules.
> It's not a matter of running, it's a matter of whether rules have been loaded.
Probably not, but why not?
> Now whether I have those SSH lines enabled or disable them makes no
> difference, I can still logon using ssh. :-(
>
> How, how do I continue? It isn't even working on a clean install of Debian bookworm with the default config file.
> Try:
> # nft -f /etc/nftables.conf
> # nft list ruleset
Ok, that works. Now I get a firewall listing. So the config never gets loaded. Weird.
> I suspect you just don't have anything loading the rules.
But... should that not be system when it sees a executable nftables.conf file? That is de default Debian setup in which I have npt changed anything.
If that does not work then the Debian default does not work. I do not trhink there will be a lot of people who want to START by creating system service files just to get the firewall up and running each time.
With the old stuff I knew I had to execute a script loading the rules, that was normal.
With nft everything is build in and the config file is executable. Why ?
Bonno
Reply to: