Tue, 25 Apr 2023 at 13:32, Bonno Bloksma <b.blok...@tio.nl>:
> > Debian's nftables package includes a systemd service to run nftables. You
> > might want to run systemctl status nftables first and then enable and
> > start the service.
> Unfortunately nft is not a service. Trying the service command with nft gives
> an error.
> linbookwormtest:~# service nft status
> Unit nft.service could not be found.
> linbookwormtest:~#

$ sudo systemctl status nftables.service
● nftables.service - nftables
     Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:nft(8)
             http://wiki.nftables.org

This is not a true service, but only a loader for the /etc/nftables.conf rules at boot, if enabled.

> Also trying command completion with the nft, or even nf, shows no results.
> Using just the n for completion gives just the networking service.

nftables: /usr/sbin/nft

This is a package, which can be installed or not.
And, if you use the 'su' command, please use it right: su -

> > I wonder how you used iptables? I always used a script for that but I had
> > to run it too for changes...
> I always had a script too. I had it hooked in /etc/network/interfaces via
> either a pre-up or post-up rule depending if there was a fixed ip or a dhcp
> line in the interfaces file.
> A default Debian install has an executable /etc/nftables.conf file. If
> nothing is looking at that file then what is the "normal" way to start the
> firewall?

See above.

> Do I hook it up via one of the old /etc/init.d/ scripts? Do I create a script
> in one of the /etc/rc?.d/ directories?

No. You may write some scripts in the /etc/network subdirs, if you REALLY need custom rules at interface up or down.

> Is this a bug?

No. But docs need to be read.
/usr/share/doc/nftables/README.Debian is a good starting point.

-- 
Stanislav