Hi everyone,
I just installed Devuan 🥳 (nice install guide btw)
How can I install nftables? Fully, I mean with the back end, front end (nft), and start the service automatically?
Thanks.
(I'm running sysvinit)
Linux noob, plz be kind
I'm using gufw ufw (unified fire-wall)
Installing will drag in nft firewalling packages as deps.
Seems to be ok.
pic from 1993, new guitar day.
IMO ufw is just useless bloat because the nftables syntax is so much simpler than iptables and no more complex than ufw.
How can I install nftables? Fully, I mean with the back end, front end (nft), and start the service automatically?
# apt install nftables orphan-sysvinit-scripts
# cp /usr/share/orphan-sysvinit-scripts/nftables /etc/init.d
# update-rc.d nftables defaults
The nftables package provides several sample configuration files under /usr/share/doc/nftables/examples/ which can be copied to /etc/nftables.conf — that file will be read when the nftables service starts.
Brianna Ghey — Rest In Power
As HOAS says, UFW still accesses the nftables back-end (which uses the nftables kernel module) through an iptables translation layer.
If you want to run nftables commands natively you need to do as HOAS suggests.
If you have Chimaera (or above) then use the nftables init script provided by orphan-sysvinit-scripts.
If you have Beowulf or earlier then there is no orphan-sysvinit-scripts. Having installed nftables and put the commands you want run in the config file, you need to copy the example file /usr/share/doc/nftables/examples/sysvinit/nftables.init to /etc/init.d/nftables, change the Default-Start and Default-Stop lines (lines 6 and 7) and then make the init file executable by root.
Change the lines:
# Default-Start:
# Default-Stop: 0 1 2 3 4 5 6
to:
# Default-Start: S
# Default-Stop: 0 6
Then run
update-rc.d nftables defaults
as described by HOAS.
This will then read the config file and start nftables at boot.
Last edited by Marjorie (2022-02-07 17:09:25)
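The header edit described in the post above, as an added example that is not part of the thread or of the nftables package: it rewrites Default-Start and Default-Stop inside the LSB block only and flags an empty Default-Start, the state the post says must be changed before nftables is started at boot. The function names and the sample header are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of nftables or Devuan.

# Print one LSB header field (e.g. Default-Start) from an init script.
lsb_field() {  # $1 = init script, $2 = field name
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^# *$2:[[:space:]]*//p" | sed 's/[[:space:]]*$//'
}

# Rewrite Default-Start/Default-Stop, touching only lines inside the LSB block.
set_lsb_runlevels() {  # $1 = init script, $2 = start levels, $3 = stop levels
    tmp=$(mktemp) || return 1
    sed -e "/^### BEGIN INIT INFO/,/^### END INIT INFO/{
s/^# Default-Start:.*/# Default-Start:     $2/
s/^# Default-Stop:.*/# Default-Stop:      $3/
}" "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# True when the header names at least one start runlevel.
starts_at_boot() {
    [ -n "$(lsb_field "$1" Default-Start)" ]
}

# Constructed sample: header in the state the post describes, before editing.
write_sample_init() {  # $1 = destination path
    cat > "$1" <<'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides:          nftables
# Required-Start:
# Required-Stop:
# Default-Start:
# Default-Stop:      0 1 2 3 4 5 6
# Short-Description: constructed sample header
### END INIT INFO
# Default-Start: this comment is outside the header and must not change
EOF
}

demo() {
    f=$(mktemp) || return 1
    write_sample_init "$f"
    starts_at_boot "$f" || echo "before: no start runlevel, ruleset not loaded at boot"
    set_lsb_runlevels "$f" "S" "0 6"
    echo "after: start=$(lsb_field "$f" Default-Start) stop=$(lsb_field "$f" Default-Stop)"
    rm -f "$f"
}
demo
```

On a real system the first argument would be /etc/init.d/nftables, run as root before update-rc.d.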
Here's the Debian source for the chimaera package:
https://salsa.debian.org/matthew/orphan … s/nftables
That version uses
# Default-Start: S
# Default-Stop: 0 1 6
I'm running Alpine atm so I have no idea if that would work in Devuan beowulf.
Brianna Ghey — Rest In Power
Thank you for the info HoaS and Marjorie,
I didn't know that about (g)ufw and I'll be implementing your suggestions later today.
pic from 1993, new guitar day.
Thanks @Head_on_a_Stick, after fixing my apt problem (actually a date problem)
I successfully installed nftables
# apt install nftables orphan-sysvinit-scripts
# cp /usr/share/orphan-sysvinit-scripts/nftables /etc/init.d
# update-rc.d nftables defaults
But now when I slightly change /etc/nftables.conf my screen is black for 4min before I finally see the login screen!
I open another topic for this case.
Linux noob, plz be kind
Thank you, Head_on_a_Stick and Marjorie.
I'm a long time Debian "testing" user and I discovered Devuan 'Daedalus' a few days ago - what a surprise! It makes me so happy ;o;)
Your tips about nftables on Devuan helped me a lot.