Hi Duncan, > What may be missing is a required kernel module. Does 'lsmod' show > 'nf_flow_table' and 'nf_flow_table_inet'? > > Also, what is you kernel version? I actually observed the issue on both a Fedora 30 Server node (kernel 5.6.13-100.fc30.x86_64) and a RHEL8 node (kernel 4.18.0-147.8.1.el8_1.x86_64), but just to be sure I just installed a brand new Fedora 33 Server VM with the latest DNF updates and tried again using the example at https://www.kernel.org/doc/Documentation/networking/nf_flowtable.txt verbatim: [root@localhost ~]# cat toto.nft table inet x { flowtable f { hook ingress priority 0; devices = { eth0, eth1 }; } chain y { type filter hook forward priority 0; policy accept; ip protocol tcp flow offload @f counter packets 0 bytes 0 } } Still the same error: [root@localhost ~]# nft -c -f toto.nft toto.nft:2:11-11: Error: Could not process rule: No such file or directory flowtable f { ^ toto.nft:7:17-47: Error: Could not process rule: No such file or directory ip protocol tcp flow offload @f ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Loaded modules: [root@localhost ~]# lsmod | grep nf nft_ct 20480 0 nft_counter 16384 0 nft_flow_offload 16384 0 nf_flow_table_inet 16384 0 nf_flow_table 40960 2 nft_flow_offload,nf_flow_table_inet nf_conntrack 163840 3 nft_flow_offload,nft_ct,nf_flow_table nf_defrag_ipv6 24576 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack nf_tables 237568 4 nft_flow_offload,nft_ct,nft_counter,nf_flow_table_inet nfnetlink 16384 1 nf_tables Kernel version: [root@localhost ~]# uname -a Linux localhost.localdomain 5.8.17-300.fc33.x86_64 #1 SMP Thu Oct 29 15:55:40 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux NFT version: [root@localhost ~]# nft -v nftables v0.9.3 (Topsy) I'm sure I'm missing something, but I can't tell what... Thanks, -Martin
