Hi Anssi,

>> There is nothing in the journal about nft
>> linbookwormtest:~#journalctl -t nft
>> -- Journal begins at Mon 2023-03-27 13:07:50 CEST, ends at Mon
>> 2023-04-24 12:18:07 CEST. --
>> -- No entries --
> Debian's nftables package includes a systemd service to run nftables. You
> might want to run systemctl status nftables first and then enable and
> start the service.

Unfortunately nft is not a service. Trying the service command with nft gives an error.

linbookwormtest:~# service nft status
Unit nft.service could not be found.
linbookwormtest:~#

Also, trying command completion with nft, or even nf, shows no results. Using just the n for completion gives just the networking service.

> I wonder how you used iptables? I always used a script for that but I had to
> run it too for changes...

I always had a script too. I had it hooked in /etc/network/interfaces via either a pre-up or post-up rule, depending on whether there was a fixed ip or a dhcp line in the interfaces file.

A default Debian install has an executable /etc/nftables.conf file. If nothing is looking at that file then what is the "normal" way to start the firewall?
Do I hook it up via one of the old /etc/init.d/ scripts?
Do I create a script in one of the /etc/rc?.d/ directories?
I am pretty sure they don't expect every novice to start writing systemd service files? I don't even know where they are, I never touch them, too much can go wrong by not understanding how it all connects.

If I install dhcp it comes with default config files. If I change them then THAT config gets loaded.
If Debian does NOTHING with that nft config file then why is it there? Is this a bug?

Bonno Bloksma