
RE: is nft running? how do I get info?



Hi All,

Did I discover a bug in the bookworm release? I think we can argue both for and against, but I am calling it a bug.

It seems the bookworm release comes with NO firewall solution enabled!
iptables is no longer installed by default.
The nft service is NOT enabled by default.

After searching some more I found "Enable and start the nftables service by":
sudo systemctl enable nftables
sudo systemctl start nftables
Looking at the sudo stuff, it must have been written for Ubuntu. And indeed, I now have an nft service that will by default load the /etc/nftables.conf file :-)
The start command in itself is not needed; it just starts the firewall right away.

I do NOT understand why it is not enabled by default with the default config as it is.
The firewall in itself is open enough that it does not block stuff, but it does allow someone to build upon it or to replace it with a proper firewall.

There probably was a discussion about it sometime in the past and this is what "they" came up with.
Still, I think there should be a better way: have a default (semi-)open firewall and have it enabled by default.

Now all I need to do is go to my existing Buster installs and enable the firewall. It seems that after I changed the iptables script to an nft config, I have been running my Buster machines with a proper nft config that NEVER got loaded. :-(

Bonno Bloksma


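The situation described in the mail (a finished /etc/nftables.conf that never reaches the kernel because nftables.service was never enabled) is easy to detect from two commands: `systemctl is-enabled nftables` and `nft list ruleset`. The script below is an added example, not code from the original mail or from Debian; the state names (loaded-and-enabled, not-loaded, and so on) are this example's own, and the sample ruleset text is constructed to resemble what Debian's stock accept-everything config looks like once loaded. It also shows `nft -c -f`, the check-only parse a practitioner should run on the config before enabling the service, since a config that fails to parse makes the service fail at boot and leaves the host with no ruleset at all.

```shell
#!/bin/sh
# Added example, not from the original mail. Distinguishes the situation the
# poster hit (an /etc/nftables.conf that exists but is never loaded because
# nftables.service is not enabled) from a ruleset that is actually live.
#
# On a real host the two inputs come from:
#   systemctl is-enabled nftables   -> "enabled" / "disabled" / ...
#   nft list ruleset                -> the ruleset currently in the kernel
# Here they are passed as arguments so the logic can be exercised offline
# against constructed samples.

# Classify the firewall state.
#   $1  output of `systemctl is-enabled nftables`
#   $2  output of `nft list ruleset`
# Prints one of (names are this example's own, not nft's):
#   loaded-and-enabled  ruleset with base chains is live and survives reboot
#   loaded-not-enabled  ruleset is live now (someone ran `nft -f` by hand)
#                       but the service is off, so it is gone after a reboot
#   enabled-but-empty   service enabled, yet nothing with a hook is loaded
#   not-loaded          the poster's case: no live ruleset, service off
classify_nft_state() {
    enabled_state=$1
    ruleset=$2
    # A ruleset only filters anything if it has at least one base chain,
    # i.e. a chain attached to a netfilter hook ("type filter hook input").
    # A table without hooked chains is inert, so look for " hook ".
    if printf '%s\n' "$ruleset" | grep -q ' hook '; then
        loaded=1
    else
        loaded=0
    fi
    case "$enabled_state:$loaded" in
        enabled:1) echo loaded-and-enabled ;;
        enabled:0) echo enabled-but-empty ;;
        *:1)       echo loaded-not-enabled ;;
        *)         echo not-loaded ;;
    esac
}

# Syntax-check a config before enabling the service: `nft -c -f FILE` parses
# and validates the file without touching the kernel.
check_nft_config() {
    nft -c -f "${1:-/etc/nftables.conf}"
}

# Query the real host (needs nft and systemd). Returns 1 if nft is missing.
live_nft_state() {
    command -v nft >/dev/null 2>&1 || { echo "nft is not installed" >&2; return 1; }
    classify_nft_state \
        "$(systemctl is-enabled nftables 2>/dev/null)" \
        "$(nft list ruleset 2>/dev/null)"
}

# Constructed sample: roughly what `nft list ruleset` shows after Debian's
# stock /etc/nftables.conf (accept-everything base chains) has been loaded.
SAMPLE_LOADED_RULESET='table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}'

# Constructed sample: on a host where the service never ran,
# `nft list ruleset` prints nothing at all.
SAMPLE_EMPTY_RULESET=''

# Run the live check only when explicitly asked, so sourcing this file has
# no side effects:  NFT_CHECK_LIVE=1 sh nft-state.sh
if [ "${NFT_CHECK_LIVE:-0}" = 1 ]; then
    live_nft_state
fi
```

If the live check reports not-loaded on a host that does have an /etc/nftables.conf, the remedy is the pair of commands quoted in the mail: run `check_nft_config` first, then `systemctl enable nftables`, and either `systemctl start nftables` or a reboot. The loaded-not-enabled state is the mirror image and is just as easy to miss: rules loaded by hand with `nft -f` look fine today and silently vanish at the next reboot.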