1: I do not agree about "despite message". Everything should not give wrong message, if run correct. As a programmer, when I write script, how can I do about wrong message? some of them is really wrong, and others means nothing?
2: Yes, the shipped config file, drop almost everything. I can not login remote server, no ping response, just because I install nftables. It is bad. The things goes wrong way, even if it wants more security. everything should leave unchanged, and then, I add rules. 2015年11月10日 下午5:37于 "Arturo Borrero Gonzalez" <arturo.borrero.g...@gmail.com >写道: > On 10 November 2015 at 09:19, wanglihe <wanglihe.program...@gmail.com> > wrote: > > Package: nftables > > Version: 0.5-1~bpo8+1 > > Severity: normal > > > > Dear Maintainer, > > > > When I ran command "systemctl enable nftables", it gave wrong message: > > > > Synchronizing state for nftables.service with sysvinit using > > update-rc.d... > > Executing /usr/sbin/update-rc.d nftables defaults > > Executing /usr/sbin/update-rc.d nftables enable > > update-rc.d: error: nftables Default-Start contains no runlevels, > > aborting. > > > > It seems that you put run level after Default-stop, but it should put > > after Default-start, in the file /etc/init.d/nftables. > > If you are running systemd, you can forget about this sysvinit stuff. > > Please note that despite of these messages, > * 'systemctl enable nftables' does enable the service > * 'systemctl disable nftables' does disable the service > > (you may check with 'systemctl status nftables') > > The error messages is because the sysvinit-systemd compat stuff, which > tries to sync systemd/sysvinit services so you may change between init > systems smoothly. > The sysvinit init script is shipped absolutely disabled, you have to > manually edit the file to use it. > > > > > When this bug fixed, maybe you should give tips about firewall rules, or > > just leave "flush ruleset" in /etc/nftables.conf, I think everything > > should not change after installation, not "connect refuse". > > > > The new nftables.conf need add one more line code about include files > under > > /etc/nftables/ . > > > > Could you please elaborate a bit more? What is your use case? > > Are you complaining about the shipped /etc/nftables.conf file? > > I fail to understand what is wrong here. > > thanks, best regards > -- > Arturo Borrero González >
