Hi Dan,

>> I thought I understood it all and as far as I know I have a working config.
>> But just trying to get a listing of the running config shows NOTHING.
>> linbookwormtest:~# nft list ruleset
>> linbookwormtest:~#
>
> That says that you have no firewall set up.

That was my conclusion as well. :-(

> All Linux kernel firewalls are implemented via nft, even if you are using
> iptables or ufw or some other system.

Ok.

> Try this:
>
> $ lsmod | grep nft

Well, I get:

linbookwormtest:~# lsmod | grep nft
linbookwormtest:~#

Another NOTHING. And yes, lsmod itself does list the loaded modules.

> It's not a matter of running, it's a matter of whether rules have been loaded.

Probably not, but why not?

> Now whether I have those SSH lines enabled or disable them makes no
> difference, I can still logon using ssh. :-(
>
> How, how do I continue? It isn't even working on a clean install of Debian
> bookworm with the default config file.

> Try:
> # nft -f /etc/nftables.conf
> # nft list ruleset

Ok, that works. Now I get a firewall listing. So the config never gets loaded. Weird.

> I suspect you just don't have anything loading the rules.

But... should that not be system when it sees an executable nftables.conf file? That is the default Debian setup in which I have not changed anything. If that does not work then the Debian default does not work.

I do not think there will be a lot of people who want to START by creating system service files just to get the firewall up and running each time. With the old stuff I knew I had to execute a script loading the rules; that was normal. With nft everything is built in and the config file is executable. Why?

Bonno
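The following is an added example, not part of the thread and not Debian's own tooling, that turns the diagnosis above (config file present, "nft list ruleset" empty, "nft -f /etc/nftables.conf" fixes it until reboot) into a small POSIX shell check. It assumes, as Debian's nftables package does, that the config lives at /etc/nftables.conf, that the boot-time loader is the systemd unit nftables.service (which runs "nft -f /etc/nftables.conf"), and that an executable config file is not run by anything on its own; the NFT_CONF variable and the two helper function names are this example's, not Debian's.

```shell
#!/bin/sh
# Added example: why "nft list ruleset" can be empty although
# /etc/nftables.conf looks fine. Assumption (Debian packaging, not stated
# in the thread): nftables.service is what loads the file at boot, and an
# executable config file by itself is never executed by anything.
set -u

NFT_CONF="${NFT_CONF:-/etc/nftables.conf}"   # override for testing

# Return 0 if the file looks like a loadable nft script: readable,
# starting with the interpreter line Debian's default file uses, and
# defining at least one table.
nft_conf_loadable() {
    conf="$1"
    [ -r "$conf" ] || return 1
    head -n 1 "$conf" | grep -q '^#!/usr/sbin/nft -f' || return 1
    grep -q '^table ' "$conf" || return 1
    return 0
}

# Return 0 if the text of "nft list ruleset" contains at least one table,
# i.e. a ruleset is actually loaded in the kernel.
ruleset_loaded() {
    printf '%s\n' "$1" | grep -q '^table '
}

# Live diagnosis; only runs as root on a host that has nft installed,
# so the helper functions above can be exercised anywhere.
if command -v nft >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
    if nft_conf_loadable "$NFT_CONF"; then
        echo "config $NFT_CONF looks loadable"
    else
        echo "config $NFT_CONF is missing, unreadable or not an nft script"
    fi

    if ruleset_loaded "$(nft list ruleset 2>/dev/null)"; then
        echo "kernel has a ruleset loaded"
    else
        echo "kernel has NO ruleset loaded"
        if command -v systemctl >/dev/null 2>&1; then
            # "enabled" means systemd will run nft -f on the config at boot;
            # anything else explains an empty ruleset after a reboot.
            state=$(systemctl is-enabled nftables.service 2>/dev/null || echo "not found")
            echo "nftables.service is: $state"
            echo "to load now and at every boot: systemctl enable --now nftables.service"
        fi
    fi
fi
```

Run it as root on the affected host; the interesting line is the state of nftables.service, since "nft -f" loading the file by hand proves the file is fine and only shows that nothing ran it at boot.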