ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> Since the ruleset that worked with kernel 4.19 did not anymore with kernel
> 5.4 (throwing segfault) I started from scratch to see what gives.
>
> nft add table inet filter
> nft add chain inet filter input { type filter hook input priority 0 \; }
> nft add chain inet filter forward { type filter hook forward priority 0 \; }
> nft add chain inet filter output { type filter hook output priority 0 \;
> }
> nft add table inet nat
>
> Thus far good and then things go awry and the output does not help to
> understand what might be wrong:
>
> nft add chain inet nat prerouting { type nat hook prerouting priority \-100
> \; }
> nft: unrecognized option: 1
If you use the shell, you should use single-quote for the entire
arguments. nft 'add chain ...'
here, nft thinks you passed '-1' as an option.
> and next up
>
> nft add chain inet nat postrouting { type nat hook postrouting priority 100
> \; }
> Error: Could not process rule: No such file or directory
inet nat depends on CONFIG_NF_TABLES_INET.
