On 23/06/2020 21:23, Florian Westphal wrote:
ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:Since the ruleset that worked with kernel 4.19 did not anymore with kernel 5.4 (throwing segfault) I started from scratch to see what gives. nft add table inet filter nft add chain inet filter input { type filter hook input priority 0 \; } nft add chain inet filter forward { type filter hook forward priority 0 \; } nft add chain inet filter output { type filter hook output priority 0 \; } nft add table inet nat Thus far good and then things go awry and the output does not help to understand what might be wrong: nft add chain inet nat prerouting { type nat hook prerouting priority \-100 \; } nft: unrecognized option: 1If you use the shell, you should use single-quote for the entire arguments. nft 'add chain ...' here, nft thinks you passed '-1' as an option.
Thanks for the pointer, I just copied that from the wiki though...
and next up nft add chain inet nat postrouting { type nat hook postrouting priority 100 \; } Error: Could not process rule: No such file or directoryinet nat depends on CONFIG_NF_TABLES_INET.
That is apparently enabled in the kernel xzgrep NF_TABLES /proc/config.gz CONFIG_NF_TABLES=m CONFIG_NF_TABLES_SET=m CONFIG_NF_TABLES_INET=y CONFIG_NF_TABLES_NETDEV=y CONFIG_NF_TABLES_IPV4=y CONFIG_NF_TABLES_ARP=y CONFIG_NF_TABLES_IPV6=y CONFIG_NF_TABLES_BRIDGE=m
Attachment:
OpenPGP_0xF4F735931F05C5CE.asc
Description: application/pgp-keys
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
