Questions tagged [nftables]
57 questions
0 votes, 1 answer
Having multiple drop tables causing override of rules from other tables
We are trying to implement nftables in our system. By default we want to drop all and accept by defined rules. We have some Excel sheets for source IP and port and I generate rule tables out of them. But seems like defining multiple drop tables…

minoset
0 votes, 0 answers
I get "Error: Could not process rule: No such file or directory" when trying to add a chain with nft
I have set up a measurement network in my laboratory using a Raspberry Pi 4 as router, DHCP and DNS server and WLAN access point. The installed Raspberry Pi OS version is 11.6. Currently it is isolating the measurement network from the internet.…

Holger
0 votes, 1 answer
How to drop all unused ports with nftables?
For an embedded application, I want to configure the firewall dynamically. My idea is to make a separate table for each service. So I can use 'nft flush inet table' to clear the ruleset of a table and set it again. So I made tables for snmp, www,…

madam
0 votes, 1 answer
How to add counter to set via libnftables-json?
In nftables, since v0.9.5, named sets have the counter specification (for each element in the set). I can use it with the nft CLI or a configuration file like:
set my_flows_meter {
type ipv4_addr . ipv4_addr . inet_service . inet_service . inet_proto
…

Vitalii Botvinko
0 votes, 1 answer
Block P2P BitTorrent traffic using nftables
I'm trying to reject all the output traffic over the ports 6881 to 6889 related to the protocol P2P/BitTorrent using NFTables. Any help would be appreciated as I don't get with the rule.

John
0 votes, 1 answer
Error in nftables when using ct state: Protocol wrong type for socket
I'm struggling to configure my nftables rules on my distro. I'm using nft 1.0.4 and Linux 4.9.
When I am using the ct state instruction, nft throws the following error:
nftables.cfg:25:17-43: Error: Could not process rule: Protocol wrong type for…

Perceval
0 votes, 0 answers
How to set up a RaspberryPi & Nftables for masquerading between two interfaces?
I'm trying to set up a RaspberryPi running Nftables as a "router". It's running on RaspberryPi OS 64 bits with kernel 5.15.32-v8+ and Nftables v0.9.8 (E.D.S.). I would like it to allow traffic between the LAN it's connected to through its WiFi…

Yltabar
0 votes, 1 answer
Drone + nftables: Could not resolve host
I use drone with nftables. For nftables, I need to set the IP address and port to allow the drone/git, otherwise during cloning I get an error: Could not resolve host: gitlab.com
Drone and agent server run configuration:
docker run --ip 172.17.0.2…

Roman Karas
0 votes, 1 answer
nftables: "ipsec in reqid" raises "Can't process rule error"
I'm trying to add an IPSec-related rule to my router:
# nft add rule inet t_fw c_in 'ip saddr 192.168.10.17 ipsec in reqid 1 accept'
Error: Could not process rule: No such file or directory
add rule inet t_fw c_in ip saddr 192.168.10.17 ipsec in…

Zygmunt
0 votes, 1 answer
Can anyone give me any idea about nftables rules?
1. Accept incoming TCP connections for ssh (port 22), with a rate limit of 30 connections per minute, per host, and a burst of 5 connections
2. Log accepted ssh connections.
0 votes, 1 answer
How to add NFT SNAT rule for IPv6?
I am trying to add an SNAT NFT rule for IPv6 in my router. Any outgoing packet through interface enp1s0 should be SNATted with the below IPv6 address. These are the rules I tried and the errors.
nft add rule inet nat postrouting oifname "enp1s0" snat ip6…
0 votes, 2 answers
NFT rule which filters packets by IP length
I want to create a rule which accepts only those packets which have an IP length greater than 2000,
so I have my table (my_table) and chain (my_chain)
and I am trying something like this:
sudo nft add rule inet my_table my_chain ip length > 2000…

Eldragon01
0 votes, 2 answers
nftables doesn't allow ssh
I have a ruleset in my server looking like this:
table inet firewall {
chain INBOUND {
type filter hook input priority filter; policy drop;
ct state established,related accept
ct state invalid drop
iif "lo"…

Jose Escalada
0 votes, 1 answer
How to put `0.pool.ntp.org` in `/etc/nftables.conf` without any error?
In /etc/nftables.conf, I have defined ntp_server={ 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, 3.pool.ntp.org },
0.pool.ntp.org starts with a number, then I get an error when running nft -f.
$ sudo nft -v
$ nftables v0.9.0 (Fearless Fosdick)
$ sudo nft -f…

kittygirl
0 votes, 0 answers
nftables ipv4 not loading
I have a question about nftables in Ubuntu. I wanted to use nftables for a scientific application to send some image files from a remote telescope with UDP/IP from within a C++ telescope control program, and someone suggested that using nftables…

Ma Ta