
RE: is nft running? how do I get info?



Hi Dan,

>> I thought I understood it all and as far as I know I have a working config. But just trying to get a listing of the running config shows NOTHING.
>> linbookwormtest:~# nft list ruleset
>> linbookwormtest:~#
> 
> That says that you have no firewall set up.
That was my conclusion as well. :-(

> All Linux kernel firewalls are implemented via nft, even if you are using iptables or ufw or some other system.
Ok.

> Try this:
> 
> $ lsmod | grep nft

Well I get:
linbookwormtest:~# lsmod | grep nft
linbookwormtest:~#

Another NOTHING. And yes, lsmod itself does list the loaded modules.

> It's not a matter of running, it's a matter of whether rules have been loaded.
Probably not, but why not?

> Now whether I have those SSH lines enabled or disable them makes no 
> difference, I can still logon using ssh. :-(
> 
> How, how do I continue? It isn't even working on a clean install of Debian bookworm with the default config file.

> Try:
> # nft -f /etc/nftables.conf
> # nft list ruleset

Ok, that works. Now I get a firewall listing. So the config never gets loaded. Weird.

> I suspect you just don't have anything loading the rules.
But... should that not be system when it sees an executable nftables.conf file? That is the default Debian setup in which I have not changed anything.
If that does not work then the Debian default does not work. I do not think there will be a lot of people who want to START by creating system service files just to get the firewall up and running each time.

With the old stuff I knew I had to execute a script loading the rules, that was normal.
With nft everything is built in and the config file is executable. Why?

Bonno
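An added check script for the situation discussed in this thread (it is not part of the mail exchange or of the nftables project): it summarises `nft list ruleset` output so that an empty ruleset, or a loaded one whose input chain still accepts everything, is obvious. It assumes POSIX sh with awk and grep; the sample ruleset is constructed to match the shape of Debian's default `/etc/nftables.conf` once it has been loaded with `nft -f`.

```shell
#!/bin/sh
# Constructed sample: what `nft list ruleset` prints after loading the default
# Debian nftables.conf (three base chains, no rules, accept policy).
SAMPLE_RULESET='table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}'

# count_tables: number of top-level tables in a ruleset text (0 = nothing loaded).
count_tables() {
    printf '%s\n' "$1" | grep -c '^table ' || true
}

# base_chain_policies: print "<chain> <hook> <policy>" for every base chain.
# A chain is a base chain when it declares a hook; nft treats a missing
# policy as accept, so that is the default here too.
base_chain_policies() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*chain / { chain = $2 }
        /type .* hook / {
            hook = ""; policy = "accept"
            for (i = 1; i <= NF; i++) {
                if ($i == "hook") hook = $(i + 1)
                if ($i == "policy") { policy = $(i + 1); sub(/;$/, "", policy) }
            }
            print chain, hook, policy
        }'
}

# permissive_input: exit 0 when the input hook policy is accept, i.e. anything
# not matched by an explicit drop rule (such as ssh) still gets through.
permissive_input() {
    base_chain_policies "$1" | awk '$2 == "input" && $3 == "accept" { found = 1 } END { exit !found }'
}

# live_ruleset: use the real ruleset when nft is available, else the sample.
live_ruleset() {
    if command -v nft >/dev/null 2>&1; then nft list ruleset 2>/dev/null; else printf '%s\n' "$SAMPLE_RULESET"; fi
}

RULESET=$(live_ruleset) || true
echo "tables loaded: $(count_tables "$RULESET")"
base_chain_policies "$RULESET"
```

On Debian the unit that runs `nft -f /etc/nftables.conf` at boot is the packaged `nftables.service`; `systemctl is-enabled nftables` shows whether it is turned on, and an executable config file alone does nothing at boot.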

