Thank you for your fast reply. I followed the steps under (https://wiki.nftables.org/wiki-nftables/index.php/Building_and_installing_nftables_from_sources) / 'Installing Linux kernel with nftables support' / 'Validating your installation'. The 'lsmod | grep nf_tables' returns: nf_tables_netdev 16384 0 nf_tables_bridge 16384 0 nf_tables_arp 16384 0 nf_tables_inet 16384 0 nf_tables_ipv6 16384 1 nf_tables_inet nf_tables_ipv4 16384 4 nf_tables_inet nf_tables 90112 13 nft_chain_route_ipv4,nf_tables_ipv4,nft_ct,nft_set_rbtree,nf_tables_inet,nft_set_bitmap,nf_tables_netdev,nft_counter,nf_tables_bridge,nf_tables_arp,nft_meta,nft_set_hash,nf_tables_ipv6 nfnetlink 16384 4 nf_conntrack_netlink,nf_tables,nf_tables_netdev Thus, according to the instructions in the wiki page, the installation should be working (there are some packets in the counters because I made some tests). I also found that could enable though some flags in the configure scrit the missing configuration: mini-gmp, with --with-mini-gmp, libxtables with --with-xtables and json output with --with-json. Regarding all this, still can't successfully run the examples, with the same error. Thanks again Fernando for your fast reply Cheers, Oscar On Wed, 18 Sep 2019 at 11:56, Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote: > > Hello Oscar, > > On 9/18/19 11:41 AM, Oscar Muñoz Garrigós wrote: > > Hello, > > I'm trying to execute the example on > > (https://wiki.nftables.org/wiki-nftables/index.php/Meters) / Using > > meters: > > > > nft add table my_filter_table > > nft add chain my_filter_table my_input_chain {type filter hook input > > priority 0\;} > > nft add set my_filter_table my_ssh_meter { type ipv4_addr\; flags dynamic \;} > > nft add rule my_filter_table my_input_chain tcp dport 22 ct state new > > add @my_ssh_meter { ip saddr limit rate 10/second } accept > > > > I'm getting the error: > > Error: Could not process rule: Operation not supported > > add rule my_filter_table my_input_chain tcp dport 22 ct state new add > > @my_ssh_meter { ip saddr limit rate 10/second } accept > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > That is working fine in my system. > > table ip my_filter_table { > set my_ssh_meter { > type ipv4_addr > size 65535 > flags dynamic > } > > chain my_input_chain { > type filter hook input priority filter; policy accept; > tcp dport 22 ct state new add @my_ssh_meter { ip saddr limit rate > 10/second } accept > } > } > > Have you checked that your installed kernel has all the necessary > modules enabled? > > Thanks! > > > The installation has been done from sources: > > > > * Versions: > > - gmp: 6.1.2 > > - readline: 8.0 > > - libnftnl: 1.1.4 > > - libmnl: 1.0.4 > > - nft: 0.9.2 > > > > * The configure script for nft returned: > > nft configuration: > > cli support: yes > > enable debugging symbols: yes > > use mini-gmp: no > > enable man page: yes > > libxtables support: no > > json output support: no > > enable Python: yes (with /usr/bin/python) > > > > * I've also tried with different versions of nft (0.9.2, 0.9.1). 0.9.0 > > gives me an error in the make process. > > * installation instructions: > > # git checkout (version to install) > > # ./autogen.sh && ./configure && make && make check && (sudo) make install > > > > I've readed in previous mails[1] this code works, but I don't know > > what I'm doing wrong. ¿Does anyone have the same error? ¿Does anyone > > know if my error is related to not supporting mini-gmp or libxtables? > > > > [1] https://marc.info/?l=netfilter&m=156508925816504&w=2 > > > > Cheers, > > Oscar > >
