The officially official Devuan Forum!

You are not logged in.

#1 2022-02-07 06:34:18

SpongeBOB
Member
From: Brussels
Registered: 2022-02-07
Posts: 47  

[SOLVED] How install nftables ?

Hi everyone,

I just installed Devuan 🥳 (nice install guide btw )

How can I install nftables ? Fully, I mean with the back end, front end (nft) start the service automatically ?

Thanks.

(I'm running sysvinit)


Linux noob, plz be kind big_smile

Offline

#2 2022-02-07 06:37:42

GlennW
Member
Registered: 2019-07-18
Posts: 227  

Re: [SOLVED] How install nftables ?

I'm using gufw ufw (unified fire-wall)

installing will drag in nft firewalling packages as dep's.

Seems to ok.

Offline

#3 2022-02-07 15:42:43

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] How install nftables ?

IMO ufw is just useless bloat because the nftables syntax is so much simpler than iptables and no more complex than ufw.

SpongeBOB wrote:

How can I install nftables ? Fully, I mean with the back end, front end (nft) start the service automatically ?

# apt install nftables orphan-sysvinit-scripts
# cp /usr/share/orphan-sysvinit-scripts/nftables /etc/init.d
# update-rc.d nftables defaults

The nftables package provides several sample configuration files under /usr/share/doc/nftables/examples/ which can be copied to /etc/nftables.conf — that file will be read when the nftables service starts.


To obtain a root shell use su -. Using just su will result in "command not found" messages.

Offline

#4 2022-02-07 17:05:55

Marjorie
Member
From: Teignmouth, UK
Registered: 2019-06-09
Posts: 133  

Re: [SOLVED] How install nftables ?

As HOAS says UFW still accesses the nftables back-end (which uses the nftables kernel module) through an iptables translation layer.

If you want to run nftables commands natively you need to do as HOAS suggest. 

If you have Chimaera (or above) then use the nftables init script provided by orphan-sysvinit-scripts.

If you have Beowulf or earlier then there is no orphan-sysvinit-scripts. Having installed nftables and put the commands you want run in the config file you need to copy the example file /usr/share/doc/nftables/examples/sysvinit/nftables.init to /etc/init.d/nftables, change the Default-Start and Default-Stop lines (lines 6 and 7) and then make the init file executable by root.

Change the lines:

# Default-Start:
# Default-Stop:      0 1 2 3 4 5 6

to:

# Default-Start:     S	
# Default-Stop:      0 6

Then run

update-rc.d nftables defaults

as described by HOAS.

This will then read the config file and start nftables at boot.

Last edited by Marjorie (2022-02-07 17:09:25)

Offline

#5 2022-02-07 17:46:47

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,326  

Re: [SOLVED] How install nftables ?

Here's the Debian source for the chimaera package:

https://salsa.debian.org/matthew/orphan … s/nftables

That version uses

# Default-Start:     S
# Default-Stop:      0 1 6

I'm running Alpine atm so I have no idea if that would work in Devuan beowulf.


To obtain a root shell use su -. Using just su will result in "command not found" messages.

Offline

#6 2022-02-07 22:16:05

GlennW
Member
Registered: 2019-07-18
Posts: 227  

Re: [SOLVED] How install nftables ?

Thank you for the info HoaS and Marjorie,

I didn't know that about (g)ufw and I'll be implementing your suggestions later today.

Offline

#7 2022-02-09 07:07:52

SpongeBOB
Member
From: Brussels
Registered: 2022-02-07
Posts: 47  

Re: [SOLVED] How install nftables ?

Thank @Head_on_a_Stick after fixing my apt problem (actually date problem)

I successfully installed nftables

# apt install nftables orphan-sysvinit-scripts
# cp /usr/share/orphan-sysvinit-scripts/nftables /etc/init.d
# update-rc.d nftables defaults

But know when I slightly change the /etc/nftables.conf my screen is black for 4min before I finally see the login screen !
I open another topic for this case.


Linux noob, plz be kind big_smile

Offline

#8 2022-03-14 13:47:14

etech
Member
From: France - South West
Registered: 2022-03-13
Posts: 15  

Re: [SOLVED] How install nftables ?

Thank you, Head_on_a_Stick and Marjorie.
I'm a long time Debian "testing" user and I discovered Devuan 'Daedalus' a few days ago - what a suprise! it makes me so happy ;o;)
Your tips about nftables on Devuan helped me a lot.

Offline

Board footer