I'm trying to set up an espressobin as a hot spare router and various
other things. It needs to have an nftables firewall. I installed
nftables and tried to set it up with just a default nearly empty set of
tables/chains. Here's what happens:

root@tottenham:~# cat /etc/nftables.conf
flush ruleset
table inet filter {
        chain input { type filter hook input priority 0; policy accept; }
        chain forward {
                type filter hook forward priority 0; policy accept;
        }
        chain output {
                type filter hook output priority 0; policy accept;
        }
}

root@tottenham:~# nft -f /etc/nftables.conf
/etc/nftables.conf:5:15-19: Error: Could not process rule: No such file or directory
        chain input { type filter hook input priority 0; policy accept; }
              ^^^^^
/etc/nftables.conf:6:15-21: Error: Could not process rule: No such file or directory
        chain forward {
              ^^^^^^^
/etc/nftables.conf:9:15-20: Error: Could not process rule: No such file or directory
        chain output {
              ^^^^^^

root@tottenham:~# cat /proc/version
Linux version 4.19.12-mvebu64 (root@nightly) (gcc version 7.2.1 20171011 (Linaro GCC 7.2-2017.11)) #5.68 SMP PREEMPT Fri Dec 28 20:24:51 CET 2018

If I create truly empty chains not attached to any hooks it works fine:

root@tottenham:~# nft create table inet filter
root@tottenham:~# nft create chain inet filter input
root@tottenham:~# nft list ruleset
table inet filter {
        chain input {
        }
}

Version of nftables package is
apt policy nftables
nftables:
  Installed: 0.9.0-2
  Candidate: 0.9.0-2
  Version table:
 *** 0.9.0-2 500
        500 http://httpredir.debian.org/debian testing/main arm64 Packages
        100 /var/lib/dpkg/status
     0.9.0-1~bpo9+1 100
        100 http://httpredir.debian.org/debian stretch-backports/main arm64 Packages
     0.7-1 500
        500 http://httpredir.debian.org/debian stretch/main arm64 Packages

This version is working fine on several other servers I have running on
x86 machines.
Should I look for something in the kernel config? What can anyone tell
me about why this happens and how to fix it?