On Mon, Mar 19, 2018 at 11:14:58AM +0100, Darius wrote:
> I actually have same problem if I use config file and there families are defined:
>
> #!/usr/sbin/nft -f
>
> table ip ipv4_filter {
>
>     chain incoming{
>         type filter hook input priority 0; policy drop;
>
>         tcp dport {ssh} log accept
>     }
> }
>
I am at a loss to explain this. I tried your command on my system:

> nft add rule ip IP FILTER_INPUT tcp dport {ssh} log accept

(except with my table and chain names) and the command was accepted. This has
been working since January - is your nft older?

>
>
> On March 19, 2018 at 12:52 AM Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx> wrote:
> >
> >
> > On Sun, Mar 18, 2018 at 11:29:35PM +0100, darius wrote:
> > > Hi,
> > >
> > > Apparently, I can't add log statement in nft firewall. It does not
> > > matter if I do it in config file or in command line. In any case I get
> > > error:
> > >
> > > nft add rule filter input log
> > > Error: Could not process rule: No such file or directory
> > > add rule filter input log
> > > ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >
> > [...]
> >
> > Try inserting the family before the table name. nft always assumes "ip4" if you
> > don't. You will then get the above error if table filter is ip6 (or inet).
> >
> > Cheers ... Duncan.
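
The family check suggested in the quoted reply, as an added example that is not part of the thread: it reads `nft list tables` output and reports whether a command that omits the family (which nft resolves against the `ip` family) can find the named table. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nft list tables` output (not taken from the thread).
SAMPLE_TABLES='table inet filter
table ip6 filter
table ip ipv4_filter'

# Print the families (one per line) in which table $1 exists,
# reading `nft list tables` output on stdin.
table_families() {
    awk -v t="$1" '$1 == "table" && $3 == t { print $2 }'
}

# Report how a command that omits the family, such as
# "nft add rule filter input log", will resolve table $1.
# nft uses the ip family when none is given.
# Returns 0 if the table exists in ip, 1 otherwise.
diagnose_familyless() {
    table=$1
    listing=$(cat)
    fams=$(printf '%s\n' "$listing" | table_families "$table" | tr '\n' ' ')
    fams=${fams% }
    case " $fams " in
        *" ip "*)
            echo "ok: table ip $table exists"
            return 0 ;;
        "  ")
            echo "missing: no table named $table in any family"
            return 1 ;;
        *)
            echo "mismatch: $table exists only in: $fams; name the family explicitly"
            return 1 ;;
    esac
}

# Demo on the constructed listing; on a live host pipe `nft list tables` instead.
printf '%s\n' "$SAMPLE_TABLES" | diagnose_familyless filter || true
```

A "mismatch" result corresponds to the "No such file or directory" case described in the reply; an "ok" result means the family default is not the cause and the error has to be looked for elsewhere.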