nftables debian 13 bug

To: debian-user@lists.debian.org
Subject: nftables debian 13 bug
From: Nite Neal <nite@nitedev.ru>
Date: Sat, 19 Jul 2025 14:57:52 +0300
Message-id: <[🔎] 61a93f6b-f424-4cce-9631-c02f196e3b97@nitedev.ru>

I updated my virtual machine from Debian 12 to 13, after which it began to work incorrectly with nftables. Incoming letters do not work, nftables does not work correctly. It is impossible to receive or send a letter in the local network. At the same time, from the external network (Internet, smartphone, neighbor's Wi-Fi) everything works. As soon as I roll back to Debian 12, everything works again. nftables config: /etc/nftables.conf

#!/usr/sbin/nft -f

flush ruleset

table ip filter {

chain input {
type filter hook input priority 0; policy drop;

iif "lo" accept

tcp dport 22 accept
#tcp dport 25565 accept

tcp dport { 80, 443 } accept

udp dport 64560 accept

udp dport 22000 accept

#tcp dport { 25, 587, 143, 993 } accept

ip saddr 192.168.0.109 tcp dport 9100 accept

ct state { established, related } accept
}

chain forward {
type filter hook forward priority 0; policy drop;

# VM & Proxmox - vmbr0
#iifname "vmbr0" oifname "wg0" accept
#iifname "wg0" oifname "vmbr0" accept

#iifname "wg0" accept

iifname "ens18" accept
}

chain output {
type filter hook output priority 0; policy accept;
}
}

table ip nat {
chain prerouting {
type nat hook prerouting priority 0;

# mail
tcp dport 25 dnat to 192.168.0.106
tcp dport 143 dnat to 192.168.0.106
tcp dport 587 dnat to 192.168.0.106
tcp dport 993 dnat to 192.168.0.106
tcp dport 25565 dnat to 192.168.0.111
udp dport 64560 dnat to 192.168.0.107
udp dport 22000 dnat to 192.168.0.103

}

chain postrouting {
type nat hook postrouting priority 100;

#ip daddr 192.168.0.106 masquerade
#ip daddr 192.168.0.107 masquerade
#ip daddr 192.168.0.111 masquerade

oifname "ens18" masquerade
}
}

Reply to:

Follow-Ups:
- Re: nftables debian 13 bug
  - From: err404@free.fr

Prev by Date: Re: Open Source PHP Trouble Ticket System
Next by Date: Re: Is there a POSIX compliant way of turning a "HH:MM:SS" formatted string to seconds? ...
Previous by thread: Re: Open Source PHP Trouble Ticket System
Next by thread: Re: nftables debian 13 bug
Index(es):
- Date
- Thread