On 23/06/2020 21:52, Florian Westphal wrote:
ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
On 23/06/2020 21:23, Florian Westphal wrote:
ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:

Since the ruleset that worked with kernel 4.19 did not anymore with kernel 5.4 (throwing segfault) I started from scratch to see what gives.

nft add table inet filter
nft add chain inet filter input { type filter hook input priority 0 \; }
nft add chain inet filter forward { type filter hook forward priority 0 \; }
nft add chain inet filter output { type filter hook output priority 0 \; }
nft add table inet nat

Thus far good and then things go awry and the output does not help to understand what might be wrong:

nft add chain inet nat prerouting { type nat hook prerouting priority \-100 \; }
nft: unrecognized option: 1

If you use the shell, you should use single-quote for the entire arguments.

nft 'add chain ...'

here, nft thinks you passed '-1' as an option.

Thanks for the pointer, I just copied that from the wiki though...

I've changed quoting style to nft 'add chain ...'.

Error: Could not process rule: No such file or directory

inet nat depends on CONFIG_NF_TABLES_INET.

That is apparently enabled in the kernel

xzgrep NF_TABLES /proc/config.gz
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_SET=m
CONFIG_NF_TABLES_INET=y

yup, looks good.

It should work then but somehow does not, any way to figure out what is going wrong then? I would rather prefer not having to return to IPT.