Re: Can't run meters example - "Could not process rule: Operation not supported"

An upgrade to the kernel version 4.19 solved the problem.

Greetings,
Oscar

On Wed, 18 Sep 2019 at 14:37, Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx> wrote:
>
> Thanks for your reply.
>
> Just in case I did something wrong, I erased all packages and
> reinstalled them with the same result.
>
> When checking for the kernel configuration:
> -> uname -a
>   Linux my-pc 4.15.0-62-generic #69-Ubuntu SMP Wed Sep 4 20:55:53 UTC
> 2019 x86_64 x86_64 x86_64 GNU/Linux
>
> -> grep CONFIG_NFT_ /boot/config-4.15.0-62-generic:
>   CONFIG_NFT_EXTHDR=m
>   CONFIG_NFT_META=m
>   CONFIG_NFT_RT=m
>   CONFIG_NFT_NUMGEN=m
>   CONFIG_NFT_CT=m
>   CONFIG_NFT_SET_RBTREE=m
>   CONFIG_NFT_SET_HASH=m
>   CONFIG_NFT_SET_BITMAP=m
>   CONFIG_NFT_COUNTER=m
>   CONFIG_NFT_LOG=m
>   CONFIG_NFT_LIMIT=m             # Limit is set here!
>   CONFIG_NFT_MASQ=m
>   CONFIG_NFT_REDIR=m
>   CONFIG_NFT_NAT=m
>   CONFIG_NFT_OBJREF=m
>   CONFIG_NFT_QUEUE=m
>   CONFIG_NFT_QUOTA=m
>   CONFIG_NFT_REJECT=m
>   CONFIG_NFT_REJECT_INET=m
>   CONFIG_NFT_COMPAT=m
>   CONFIG_NFT_HASH=m
>   CONFIG_NFT_FIB=m
>   CONFIG_NFT_FIB_INET=m
>   CONFIG_NFT_DUP_NETDEV=m
>   CONFIG_NFT_FWD_NETDEV=m
>   CONFIG_NFT_FIB_NETDEV=m
>   CONFIG_NFT_CHAIN_ROUTE_IPV4=m
>   CONFIG_NFT_REJECT_IPV4=m
>   CONFIG_NFT_DUP_IPV4=m
>   CONFIG_NFT_FIB_IPV4=m
>   CONFIG_NFT_CHAIN_NAT_IPV4=m
>   CONFIG_NFT_MASQ_IPV4=m
>   CONFIG_NFT_REDIR_IPV4=m      #IPv4 redir is set here
>   CONFIG_NFT_CHAIN_ROUTE_IPV6=m
>   CONFIG_NFT_CHAIN_NAT_IPV6=m
>   CONFIG_NFT_MASQ_IPV6=m
>   CONFIG_NFT_REDIR_IPV6=m       # IPv6 redir is set here
>   CONFIG_NFT_REJECT_IPV6=m
>   CONFIG_NFT_DUP_IPV6=m
>   CONFIG_NFT_FIB_IPV6=m
>   CONFIG_NFT_BRIDGE_META=m
>   CONFIG_NFT_BRIDGE_REJECT=m
>
> -> modinfo nft_limit
>   filename:
> /lib/modules/4.15.0-62-generic/kernel/net/netfilter/nft_limit.ko
>   alias:          nft-obj-4
>   alias:          nft-expr-limit
>   author:         Patrick McHardy <kaber@xxxxxxxxx>
>   license:        GPL
>   srcversion:     9149886BBEBFCBD153D9AF0
>   depends:        nf_tables
>   retpoline:      Y
>   intree:         Y
>   name:           nft_limit
>   vermagic:       4.15.0-62-generic SMP mod_unload
>   signat:         PKCS#7
>   signer:
>   sig_key:
>   sig_hashalgo:   md4
>
> -> I did a 'modprobe nft_limit'. I don't know if it was loaded before
> because the 'grep' hid it, but it is now.
>
> -> lsmod | grep nft
>   nft_limit              16384  0
>   nft_ct                 20480  0
>   nft_meta               16384  0
>   nft_set_bitmap         16384  0
>   nft_set_hash           24576  0
>   nft_set_rbtree         16384  0
>   nf_tables              90112  7
> nf_tables_ipv4,nft_ct,nft_set_rbtree,nft_set_bitmap,nft_limit,nft_meta,nft_set_hash
>   nf_conntrack          131072  8
> xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat,nft_ct,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink
>
> After all this nothing changed, I still get the same error. Maybe
> I should update the kernel version to use this property? The current
> version is 4.15.0. I'm going to try this afternoon with another
> computer.
>
> Thank you all for the help.
>
> Greetings,
> Oscar
>
>
> On Wed, 18 Sep 2019 at 13:22, Florian Westphal <fw@xxxxxxxxx> wrote:
> >
> > Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx> wrote:
> > > Thank you for your fast reply.
> > >
> > > I followed the steps under
> > > (https://wiki.nftables.org/wiki-nftables/index.php/Building_and_installing_nftables_from_sources)
> > > / 'Installing Linux kernel with nftables support' / 'Validating your
> > > installation'.
> > >
> > > The 'lsmod | grep nf_tables' returns:
> > >
> > > nf_tables_netdev       16384  0
> > > nf_tables_bridge       16384  0
> > > nf_tables_arp          16384  0
> > > nf_tables_inet         16384  0
> > > nf_tables_ipv6         16384  1 nf_tables_inet
> > > nf_tables_ipv4         16384  4 nf_tables_inet
> > > nf_tables              90112  13
> > > nft_chain_route_ipv4,nf_tables_ipv4,nft_ct,nft_set_rbtree,nf_tables_inet,nft_set_bitmap,nf_tables_netdev,nft_counter,nf_tables_bridge,nf_tables_arp,nft_meta,nft_set_hash,nf_tables_ipv6
> > > nfnetlink              16384  4 nf_conntrack_netlink,nf_tables,nf_tables_netdev
> >
> > I don't see nft_limit here.
> > > > > nft add rule my_filter_table my_input_chain tcp dport 22 ct state new
> > > > > add @my_ssh_meter { ip saddr limit rate 10/second } accept
> >
> > ... but it's needed by this rule.
> >
> > Check modinfo nft_limit.
> >
> > You might need to set CONFIG_NFT_LIMIT=m in kernel config.
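
Added example, not part of the original messages: a shell sketch of the checks suggested in this thread, reporting for each expression in the rule whether its module is enabled in the kernel config and currently loaded. The function names, the keyword-to-module mapping and the sample inputs are assumptions constructed from the outputs quoted above.

```shell
#!/bin/sh
# Constructed sample inputs, abridged from the outputs quoted in the thread.
SAMPLE_RULE='tcp dport 22 ct state new add @my_ssh_meter { ip saddr limit rate 10/second } accept'
SAMPLE_CONFIG='CONFIG_NFT_CT=m
CONFIG_NFT_COUNTER=m
CONFIG_NFT_LIMIT=m'
SAMPLE_LSMOD='nft_ct                 20480  0
nft_meta               16384  0
nf_tables              90112  13 nft_ct,nft_meta'

# Map rule keywords to the modules implementing them. Assumed mapping,
# limited to the two expressions named in the thread (ct and limit).
rule_modules() {
    printf '%s\n' "$1" | tr -s ' ' '\n' | while read -r word; do
        case $word in
            ct)    echo nft_ct ;;
            limit) echo nft_limit ;;
        esac
    done | sort -u
}

# Print m, y or unset for the CONFIG_NFT_* option matching a module name
# such as nft_limit. Trailing annotations after the value are ignored.
config_state() {
    opt="CONFIG_$(printf '%s' "$2" | tr 'a-z' 'A-Z')"
    val=$(printf '%s\n' "$1" | sed -n "s/^[[:space:]]*${opt}=\([my]\).*/\1/p" | head -n 1)
    echo "${val:-unset}"
}

# Succeed if the module name appears in the first column of lsmod output.
# A built-in option (=y) never shows up in lsmod, so read both fields together.
is_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# One line per module the rule needs:
#   <module> config=<m|y|unset> loaded=<yes|no>
diagnose() {
    for mod in $(rule_modules "$1"); do
        if is_loaded "$3" "$mod"; then state=yes; else state=no; fi
        echo "$mod config=$(config_state "$2" "$mod") loaded=$state"
    done
}

diagnose "$SAMPLE_RULE" "$SAMPLE_CONFIG" "$SAMPLE_LSMOD"
```

On a live system the second and third arguments would be the contents of /boot/config-$(uname -r) and the output of lsmod. In this thread the module was configured and loaded and the error persisted until the kernel upgrade, so a clean result here rules out only the missing-module cause.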



