Tue, 25 Apr 2023 at 13:32, Bonno Bloksma <b.blok...@tio.nl>:
> > Debian's nftables package includes a systemd service to run nftables. You 
> > might want to run systemctl status nftables first and then enable and to 
> > start the service.
> Unfortunately nft is not a service. Trying the service command with nft gives 
> an error.
> linbookwormtest:~# service nft status
> Unit nft.service could not be found.
> linbookwormtest:~#

$ sudo systemctl status nftables.service
● nftables.service - nftables
     Loaded: loaded (/lib/systemd/system/nftables.service; disabled; vendor preset: enabled)
     Active: inactive (dead)
       Docs: man:nft(8)
             http://wiki.nftables.org

This is not a true service, but only a loader for /etc/nftables.conf rules
at boot, if enabled.

> Also trying command completion with the nft, or even nf, shows no results.
> Using just the n for completion gives just the networking service.

nftables: /usr/sbin/nft
This is a package, which can be installed or not.
And, if you use the 'su' command, please use it right:
su -

> > I wonder how you used iptables? I always used a script for that but I had 
> > to run it too for changes...
> I always had a script too. I had it hooked in /etc/network/interfaces via
> either a pre-up or post-up rule depending if there was a fixed ip or a dhcp 
> line in the interfaces file.

> A default Debian install has an executable /etc/nftables.conf file. If 
> nothing is looking at that file then what is the "normal" way to start the
> firewall?

see above

> Do I hook it up via one of the old /etc/init.d/ scripts? Do I create a script 
> in one of the /etc/rc?.d/ directories?

No. You may write some scripts in /etc/network subdirs, if you REALLY
need custom rules at interface up or down.

> Is this a bug?

No. But docs need to be read.
/usr/share/doc/nftables/README.Debian - good starting point.

-- 
Stanislav
