Questions tagged [nftables]

57 questions
4 votes, 1 answer

nftables rules for docker

System: RHEL 8.4, Docker version: 20.10. RHEL 8 has moved from iptables to nftables, and Docker internally uses iptables to set firewall rules on the machine. It seems to have broken the communication from Docker containers to host services, and also to…
Keyur Barapatre
4 votes, 1 answer

update-alternatives: error: alternative /usr/sbin/arptables-legacy for arptables not registered; not setting

I have Debian 10 (Buster) KVM guest machines on a Buster host. I am trying to switch to the legacy iptables on the VMs following the Debian wiki: update-alternatives --set iptables /usr/sbin/iptables-nft update-alternatives --set ip6tables…
Moazzem Hossen
4 votes, 1 answer

nftables config commands failing with Operation not supported

Request for your kind help related to nftables. While using configuration commands, I am getting the error below. Error: Could not process rule: Operation not supported. Debian 10. root@localhost:~# uname -a Linux localhost 4.19.81-OpenNetworkLinux-thanos…
Santosh Kumar
3 votes, 1 answer

How to fix nf_conntrack: default automatic helper assignment has been turned off for security reasons

I'm receiving the message nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. The kernel is 5.4.23 and nftables…
isglin
2 votes, 3 answers

How to: Podman rootless expose containers ports to the outside and see real client ip

This is my first time asking something on Stack Overflow. For years I've been lurking, but now I decided to finally register myself. Hence, I apologize if my question/information is not formatted nicely. Current situation: I'm slowly getting more and…
Saqeria
2 votes, 0 answers

Firewall - nftables blocks outbound traffic

I've got a VM at a hosting service and installed a basic firewall with nftables. However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a No route to host error. This occurs for any…
Lithimlin
2 votes, 1 answer

nftables set: Could not add set with flags interval on command line

As the title says, this command failed: nft 'add set netdev blacklist blocklist_v4 {type ipv4_addr; flags interval;}' But this one succeeded: nft 'add set netdev blacklist blocklist_v4 {type ipv4_addr;}' I tried with flags constant, and it works. So…
Francois
2 votes, 2 answers

How to correctly make a second input chain in another table in nftables?

Here is my test nft ruleset, and all works except table inet test, but table f2b-table is absolutely similar (except drop vs accept) and it works fine: table inet f2b-table { set addr-set-sshd { type ipv4_addr elements = {…
dregor
2 votes, 2 answers

Cannot flush an nftables set's elements

I am currently learning to use nftables on a test environment, and I'm working with nftables sets. I was on version 0.7 and, since my tests weren't working, I updated to version 0.9.4, but my problem was still the same. I can create my sets on…
mjtn
2 votes, 2 answers

How do you publish ports from a Docker container on a system using nftables?

I have a fairly plain Debian Buster install. Debian Buster uses nftables rather than iptables. If I try and run a container with a published port: sudo docker run -it --rm --name=port-test -p 1234:1234/tcp debian:jessie-slim then I get this…
Mark Raymond
2 votes, 0 answers

Adding nftables nat rules with libnftnl APIs

I want to add the following snat and dnat rules using nftables: nft add rule nat post udp sport 29000 ip saddr 192.168.101.102 udp dport 40000 ip daddr 192.168.101.102 snat 192.168.101.55:35000 nft add rule nat pre udp sport 29000 ip saddr…
UserXYZ
1 vote, 0 answers

Redirect socket communications through intermediate processes

I have the following network: ~~~~~~~ MACHINE A ~~~~~~~ ~~~~~~~~ MACHINE B ~~~~~~~~ +--------+ +--------+ | client |----(a) (b)----------| server…
ClausWorks
1 vote, 1 answer

1:1 NAT with nftables on OpenWRT 22.03

I am running my OpenWrt router as an OpenVPN client in a VPN site-to-site setup. After upgrading to the newest OpenWrt 22.03 I have to migrate my custom firewall rules to nftables. Can you help me find the nft file for this: /usr/sbin/iptables -t…
dex.404
1 vote, 0 answers

Suricata fails to block when using nfqueue mode

I'm setting up Suricata on Debian 10 to block expected requests, run with the command below: /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 3 -q 4 -q 5 -D -v --user=logstash Whenever I receive a request which is…
1 vote, 1 answer

What is the dot (.) in an nftables rule?

In many nftables examples, I sometimes see statements like this: map nat-udp-services { type ipv4_addr . inet_service : verdict } and this: ip daddr . udp dport vmap @nat-udp-services What does the dot (.) mean in these cases?
PPS