nftables does not read its conf file

  • Bonjour,


    I try to have nftables as my default firewall on omv, but someone (?) has written something somewhere that prevents nftables from reading its configuration file (/etc/nftables.conf).


    Whatever I write in this configuration file, nft list ruleset -a returns:

        table inet filter { # handle 40
            chain input { # handle 1
                type filter hook input priority 0; policy accept;
            }

            chain forward { # handle 2
                type filter hook forward priority 0; policy accept;
            }

            chain output { # handle 3
                type filter hook output priority 0; policy accept;
            }
        }


    Thank you.


    F.P.

  • Bonjour,


    Nobody answered, so I give what I have done to use nftables.


    1- I deleted iptables alternatives:

        update-alternatives --remove iptables /usr/sbin/iptables-legacy
        update-alternatives --remove iptables /usr/sbin/iptables-nft


    Same for ip6tables:

        update-alternatives --remove ip6tables /usr/sbin/ip6tables-legacy
        update-alternatives --remove ip6tables /usr/sbin/ip6tables-nft


    2- I removed x-permissions from the script /etc/iptables/openmediavault-firewall.sh:

        chmod a-x /etc/iptables/openmediavault-firewall.sh


    3- I deleted all lines between <iptables> and </iptables> in xml config file /etc/openmediavault/config.xml


    4- I removed all kernel modules concerning iptables with rmmod


    And, at last, I could configure nftables.... and get it working.


    Next time I will remove iptables packages...


    That's all.


    F.P.
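
Added example, not part of the original posts: a check that the running ruleset is more than the accept-all skeleton listed in the first post, by summarising each base chain from `nft list ruleset` text and naming the hooks left unfiltered. The helper names `chain_summary` and `open_hooks` and the sample ruleset are assumptions made for this illustration, and the parser handles any table and chain names, not only `inet filter`.

```shell
# Read nft list ruleset text on stdin; print one line per base chain:
#   family:table/chain hook policy rule-count
chain_summary() {
    awk '
    function flush_chain() {
        if (chain != "" && hook != "")
            print table "/" chain, hook, (policy == "" ? "accept" : policy), rules
        chain = ""; hook = ""; policy = ""; rules = 0
    }
    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # drop "# handle N", padding
    $0 == "" { next }
    $1 == "table" { table = $2 ":" $3; next }
    $1 == "chain" { flush_chain(); chain = $2; next }
    $1 == "type" && chain != "" {      # base-chain line: type, hook, priority, policy
        for (i = 1; i < NF; i++) {
            if ($i == "hook") hook = $(i + 1)
            if ($i == "policy") { policy = $(i + 1); sub(/;/, "", policy) }
        }
        next
    }
    $0 == "}" { flush_chain(); next }
    chain != "" { rules++ }            # any other line inside a chain is a rule
    '
}

# Print each hook whose base chain has policy accept and no rules
# (nothing is filtered on that hook).
open_hooks() {
    chain_summary | awk '$3 == "accept" && $4 == 0 { print $2 }'
}

# Constructed sample of nft list ruleset -a output, not taken from the thread.
SAMPLE='table inet filter { # handle 1
	chain input { # handle 1
		type filter hook input priority 0; policy drop;
		ct state established,related accept # handle 4
		iif "lo" accept # handle 5
		tcp dport 22 accept # handle 6
	}
	chain forward { # handle 2
		type filter hook forward priority 0; policy drop;
	}
	chain output { # handle 3
		type filter hook output priority 0; policy accept;
	}
}'

printf '%s\n' "$SAMPLE" | chain_summary
printf 'unfiltered hooks: %s\n' "$(printf '%s\n' "$SAMPLE" | open_hooks | tr '\n' ' ')"
```

On a live system, run `nft list ruleset | open_hooks` as root after loading /etc/nftables.conf; empty output means every hooked chain either drops by default or carries at least one rule.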

  • Good to read, please flag the post as 'resolved' via 'edit thread' at top.

    Maybe applying Netiquette would have resulted in responses :)

    omv 5.6.5-1 (usul) on RPi4/4GB with Kernel 5.10.x and WittyPi 3 V2 RTC HAT

    2x 6TB HDD formatted with ext4 in Icy Box IB-RD3662-C31 / hardware supported RAID1

    For Read/Write performance of SMB shares hosted on this hardware see forum here
