nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; }
nft add chain inet filter forward { type filter hook forward priority 0 \; }
nft add chain inet filter output { type filter hook output priority 0
\; }
nft add table inet natThus far good and then things go awry and the output does not help to understand what might be wrong:
nft add chain inet nat prerouting { type nat hook prerouting priority \-100 \; }
nft: unrecognized option: 1 and next upnft add chain inet nat postrouting { type nat hook postrouting priority 100 \; }
Error: Could not process rule: No such file or directoryHas there been some syntax change for NAT? Checked the kconf and loaded module but don't see anything amiss?
xzgrep _NAT /proc/config.gz CONFIG_NF_NAT=m CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_FTP=m CONFIG_NF_NAT_IRC=m CONFIG_NF_NAT_SIP=m CONFIG_NF_NAT_TFTP=m CONFIG_NF_NAT_REDIRECT=y CONFIG_NF_NAT_MASQUERADE=y CONFIG_NFT_NAT=m CONFIG_NETFILTER_XT_NAT=m CONFIG_NF_NAT_SNMP_BASIC=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m CONFIG_IP_NF_NAT=m CONFIG_IP6_NF_NAT=m CONFIG_BRIDGE_EBT_T_NAT=m # CONFIG_NET_ACT_NAT is not set lsmod | grep 'nf_nat\|nft_nat' nf_nat_amanda 16384 0 nf_conntrack_amanda 16384 4 nf_nat_amanda nft_nat 16384 0nf_tables 114688 28 nft_ct,nft_reject_bridge,nft_nat,nft_numgen,nft_fwd_netdev,nf_flow_table_ipv6,nft_redir,nf_flow_table_ipv4,nft_fib_inet,nft_reject,nft_reject_ipv6,nft_reject_ipv4,nft_limit,nf_tables_set,nft_dup_netdev,nft_flow_offload,nf_flow_table_inet,nft_meta_bridge,nft_masq,nft_fib,nft_reject_inet,nft_fib_ipv6,nft_objref,nft_fib_ipv4,nft_hash,nft_quota,nft_counter,nft_log
nf_nat_tftp 16384 0 nf_nat_snmp_basic 16384 0 nf_nat_sip 20480 0 nf_nat_pptp 16384 0 nf_nat_irc 16384 0 nf_nat_h323 16384 0 nf_nat_ftp 16384 0nf_nat 32768 14 nft_nat,nf_nat_pptp,nft_redir,xt_nat,nf_nat_h323,nf_nat_sip,nf_nat_irc,xt_MASQUERADE,iptable_nat,nft_masq,nf_nat_ftp,nf_nat_amanda,xt_REDIRECT,nf_nat_tftp
nf_conntrack_tftp 16384 4 nf_nat_tftp nf_conntrack_snmp 16384 4 nf_nat_snmp_basic nf_conntrack_sip 28672 7 nf_nat_sip nf_conntrack_pptp 16384 4 nf_nat_pptp nf_conntrack_irc 16384 4 nf_nat_irc nf_conntrack_h323 45056 7 nf_nat_h323 nf_conntrack_ftp 16384 4 nf_nat_ftpnf_conntrack 81920 39 nft_ct,xt_state,nft_nat,nf_nat_pptp,nf_conntrack_sip,nft_redir,act_ctinfo,nf_conntrack_snmp,nf_conncount,nf_conntrack_irc,xt_nat,nf_nat_h323,act_connmark,nf_flow_table,nf_conntrack_ftp,nf_nat_snmp_basic,nf_nat_sip,nf_conntrack_tftp,nft_flow_offload,nf_nat_irc,xt_MASQUERADE,xt_connmark,nf_conntrack_pptp,nft_masq,nf_conntrack_amanda,nf_conntrack_rtcache,xt_helper,nf_conntrack_broadcast,nf_nat_ftp,nf_nat_amanda,xt_connlimit,nf_conntrack_netlink,xt_connbytes,xt_CT,nf_conntrack_h323,xt_conntrack,xt_REDIRECT,nf_nat_tftp,nf_nat
asn1_decoder 16384 2 nf_nat_snmp_basic,rsa_generic
Attachment:
OpenPGP_0xF4F735931F05C5CE.asc
Description: application/pgp-keys
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
