Re: Can't run meters example - "Could not process rule: Operation not supported"

Thanks for your reply.

Just in case I did something wrong, I erased all packages and
reinstalled them with the same result.

When checking for the kernel configuration:
-> uname -a
  Linux my-pc 4.15.0-62-generic #69-Ubuntu SMP Wed Sep 4 20:55:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

-> grep CONFIG_NFT_ /boot/config-4.15.0-62-generic:
  CONFIG_NFT_EXTHDR=m
  CONFIG_NFT_META=m
  CONFIG_NFT_RT=m
  CONFIG_NFT_NUMGEN=m
  CONFIG_NFT_CT=m
  CONFIG_NFT_SET_RBTREE=m
  CONFIG_NFT_SET_HASH=m
  CONFIG_NFT_SET_BITMAP=m
  CONFIG_NFT_COUNTER=m
  CONFIG_NFT_LOG=m
  CONFIG_NFT_LIMIT=m             # Limit is set here!
  CONFIG_NFT_MASQ=m
  CONFIG_NFT_REDIR=m
  CONFIG_NFT_NAT=m
  CONFIG_NFT_OBJREF=m
  CONFIG_NFT_QUEUE=m
  CONFIG_NFT_QUOTA=m
  CONFIG_NFT_REJECT=m
  CONFIG_NFT_REJECT_INET=m
  CONFIG_NFT_COMPAT=m
  CONFIG_NFT_HASH=m
  CONFIG_NFT_FIB=m
  CONFIG_NFT_FIB_INET=m
  CONFIG_NFT_DUP_NETDEV=m
  CONFIG_NFT_FWD_NETDEV=m
  CONFIG_NFT_FIB_NETDEV=m
  CONFIG_NFT_CHAIN_ROUTE_IPV4=m
  CONFIG_NFT_REJECT_IPV4=m
  CONFIG_NFT_DUP_IPV4=m
  CONFIG_NFT_FIB_IPV4=m
  CONFIG_NFT_CHAIN_NAT_IPV4=m
  CONFIG_NFT_MASQ_IPV4=m
  CONFIG_NFT_REDIR_IPV4=m      #IPv4 redir is set here
  CONFIG_NFT_CHAIN_ROUTE_IPV6=m
  CONFIG_NFT_CHAIN_NAT_IPV6=m
  CONFIG_NFT_MASQ_IPV6=m
  CONFIG_NFT_REDIR_IPV6=m       # IPv6 redir is set here
  CONFIG_NFT_REJECT_IPV6=m
  CONFIG_NFT_DUP_IPV6=m
  CONFIG_NFT_FIB_IPV6=m
  CONFIG_NFT_BRIDGE_META=m
  CONFIG_NFT_BRIDGE_REJECT=m

-> modinfo nft_limit
  filename:       /lib/modules/4.15.0-62-generic/kernel/net/netfilter/nft_limit.ko
  alias:          nft-obj-4
  alias:          nft-expr-limit
  author:         Patrick McHardy <kaber@xxxxxxxxx>
  license:        GPL
  srcversion:     9149886BBEBFCBD153D9AF0
  depends:        nf_tables
  retpoline:      Y
  intree:         Y
  name:           nft_limit
  vermagic:       4.15.0-62-generic SMP mod_unload
  signat:         PKCS#7
  signer:
  sig_key:
  sig_hashalgo:   md4

-> I did a 'modprobe nft_limit'. I don't know if it was loaded before
because the 'grep' hid it, but it is now.

-> lsmod | grep nft
  nft_limit              16384  0
  nft_ct                 20480  0
  nft_meta               16384  0
  nft_set_bitmap         16384  0
  nft_set_hash           24576  0
  nft_set_rbtree         16384  0
  nf_tables              90112  7 nf_tables_ipv4,nft_ct,nft_set_rbtree,nft_set_bitmap,nft_limit,nft_meta,nft_set_hash
  nf_conntrack          131072  8 xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,nft_ct,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink

After all this nothing changed, I still get the same error. Maybe I
should update the kernel version to use this property? The actual
version is 4.15.0. I'm going to try this afternoon with another
computer.

Thank you all for the help.

Greetings,
Oscar


On Wed, 18 Sep 2019 at 13:22, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx> wrote:
> > Thank you for your fast reply.
> >
> > I followed the steps under
> > (https://wiki.nftables.org/wiki-nftables/index.php/Building_and_installing_nftables_from_sources)
> > / 'Installing Linux kernel with nftables support' / 'Validating your
> > installation'.
> >
> > The 'lsmod | grep nf_tables' returns:
> >
> > nf_tables_netdev       16384  0
> > nf_tables_bridge       16384  0
> > nf_tables_arp          16384  0
> > nf_tables_inet         16384  0
> > nf_tables_ipv6         16384  1 nf_tables_inet
> > nf_tables_ipv4         16384  4 nf_tables_inet
> > nf_tables              90112  13 nft_chain_route_ipv4,nf_tables_ipv4,nft_ct,nft_set_rbtree,nf_tables_inet,nft_set_bitmap,nf_tables_netdev,nft_counter,nf_tables_bridge,nf_tables_arp,nft_meta,nft_set_hash,nf_tables_ipv6
> > nfnetlink              16384  4 nf_conntrack_netlink,nf_tables,nf_tables_netdev
>
> I don't see nft_limit here.
> > > > nft add rule my_filter_table my_input_chain tcp dport 22 ct state new
> > > > add @my_ssh_meter { ip saddr limit rate 10/second } accept
>
> ... but it's needed by this rule.
>
> Check modinfo nft_limit.
>
> You might need to set CONFIG_NFT_LIMIT=m in kernel config.
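
The two checks discussed in this thread (the CONFIG_NFT_* option and the lsmod listing) combined into one function, as an added example that is not part of the original mails. The function name `nft_expr_status` and the sample data are constructed; it assumes expression `foo` is built from `CONFIG_NFT_FOO` into module `nft_foo`, as the thread shows for `limit`.

```shell
#!/bin/sh
# Constructed sample data, modelled on the outputs quoted in the thread.
SAMPLE_CONFIG='CONFIG_NFT_CT=m
CONFIG_NFT_COUNTER=m
CONFIG_NFT_LIMIT=m
CONFIG_NFT_META=y
# CONFIG_NFT_QUOTA is not set'

SAMPLE_LSMOD='nft_ct                 20480  0
nft_counter            16384  0
nf_tables              90112  13 nft_ct,nft_counter'

# nft_expr_status EXPR CONFIG_TEXT LSMOD_TEXT
# Prints one of: builtin, loaded, available-not-loaded, not-built.
# Assumption: expression "foo" maps to CONFIG_NFT_FOO and module nft_foo.
nft_expr_status() {
    expr=$1
    opt="CONFIG_NFT_$(printf '%s' "$expr" | tr '[:lower:]' '[:upper:]')"
    # Extract "y" or "m" from the exact option line; "is not set" lines do not match.
    val=$(printf '%s\n' "$2" | sed -n "s/^${opt}=\([ym]\)\$/\1/p" | head -n 1)
    case $val in
        y) echo builtin ;;
        m)
            # Match the module name exactly in column 1, so that the
            # dependency list of another module does not count as loaded.
            if printf '%s\n' "$3" |
                awk -v m="nft_$expr" '$1 == m { found = 1 } END { exit !found }'
            then
                echo loaded
            else
                echo available-not-loaded
            fi ;;
        *) echo not-built ;;
    esac
}

# Report the status of each expression against the constructed samples.
for e in ct limit meta quota; do
    printf '%-6s %s\n' "$e" "$(nft_expr_status "$e" "$SAMPLE_CONFIG" "$SAMPLE_LSMOD")"
done
```

On a live system, call it as `nft_expr_status limit "$(cat /boot/config-$(uname -r))" "$(lsmod)"`.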



