Gentoo Forums
[solved] nftables doesn't work like expected
Demonking (n00b)
Joined: 12 Mar 2007
Posts: 41

Posted: Sat Feb 22, 2014 5:10 pm    Post subject: [solved] nftables doesn't work like expected

Hello,

I wanted to try nftables on my home PC and play with the configurations :)

But after installing everything, I'm unable to create a list.

Hope someone could help

Every command is executed as root

Quote:

demonking # uname -a
Linux Master 3.13.4-gentoo #1 SMP Sat Feb 22 14:03:31 CET 2014 x86_64 AMD Phenom(tm) II X6 1100T Processor AuthenticAMD GNU/Linux


Quote:

demonking # lsmod
Module Size Used by
nf_tables 36746 0
e1000e 192089 0
radeon 1278689 2
fbcon 37113 76
cfbfillrect 3754 1 radeon
bitblit 5065 1 fbcon
softcursor 1277 1 bitblit
font 7332 1 fbcon
cfbimgblt 2143 1 radeon
cfbcopyarea 3358 1 radeon
drm_kms_helper 28079 1 radeon
ptp 7916 1 e1000e
ttm 59942 1 radeon
pps_core 6465 1 ptp


Quote:

demonking # equery list '*' | grep nftables
net-firewall/nftables-0.099



Quote:

demonking # nft add table foo
<cmdline>:1:1-13: Error: Could not add table: Address family not supported by protocol


What am I doing wrong?

Because Gentoo doesn't have a wiki section for this, I have read the Arch Linux one: https://wiki.archlinux.org/index.php/Nftables#Tables .
But nothing helps :/
_________________
I finally understand why Java's security model is so torturous:
It's to protect everyone else against people who write code like this.

The Answer to Life, the Universe, and Everything = 42


Last edited by Demonking on Sat Feb 22, 2014 7:26 pm; edited 1 time in total
Demonking (n00b)
Joined: 12 Mar 2007
Posts: 41

Posted: Sat Feb 22, 2014 7:24 pm

After trying and searching through all the sites on Google, I have found the problem.

There were some missing modules.

Here are the required:

Quote:

Netfilter Xtables support (required for ip_tables) (NETFILTER_XTABLES) [M/y/?] m
Netfilter nf_tables support (NF_TABLES) [N/m] (NEW) m
Netfilter nf_tables payload module (NFT_PAYLOAD) [N/m] (NEW) m
Netfilter nf_tables IPv6 exthdr module (NFT_EXTHDR) [N/m] (NEW) m
Netfilter nf_tables meta module (NFT_META) [N/m] (NEW) m
Netfilter nf_tables conntrack module (NFT_CT) [N/m] (NEW) m
Netfilter nf_tables rbtree set module (NFT_RBTREE) [N/m] (NEW) m
Netfilter nf_tables hash set module (NFT_HASH) [N/m] (NEW) m
Netfilter nf_tables counter module (NFT_COUNTER) [N/m] (NEW) m
Netfilter nf_tables log module (NFT_LOG) [N/m] (NEW) m
Netfilter nf_tables limit module (NFT_LIMIT) [N/m] (NEW) m
Netfilter nf_tables nat module (NFT_NAT) [N/m] (NEW) m
Netfilter x_tables over nf_tables module (NFT_COMPAT) [N/m/?] (NEW) m

IPv4 nf_tables support (NF_TABLES_IPV4) [N/m] (NEW) m
nf_tables IPv4 reject support (NFT_REJECT_IPV4) [N/m] (NEW) m
IPv4 nf_tables route chain support (NFT_CHAIN_ROUTE_IPV4) [N/m] (NEW) m
IPv4 nf_tables nat chain support (NFT_CHAIN_NAT_IPV4) [N/m] (NEW) m

IPv6 nf_tables support (NF_TABLES_IPV6) [M/n] m
IPv6 nf_tables route chain support (NFT_CHAIN_ROUTE_IPV6) [M/n] m
IPv6 nf_tables nat chain support (NFT_CHAIN_NAT_IPV6) [M/n] m

Ethernet Bridge nf_tables support (NF_TABLES_BRIDGE) [N/m/y] (NEW) m


Source : https://home.regit.org/netfilter-en/nftables-quick-howto


Hope I could help someone else with this problem :D
666threesixes666 (Veteran)
Joined: 31 May 2011
Posts: 1248
Location: 42.68n 85.41w

Posted: Sat Feb 22, 2014 7:58 pm

Since my world update is pulling in a new kernel, I guess I'll insert your documentation and note that it is not tested by me into the wiki for nftables and test if the kernel works on this box or not.

https://wiki.gentoo.org/wiki/Nftables

It seems legit, and similar enough to iptables kernel options that I believe you. I would say just drop in and I'll format it to wiki for you, but kernel stuff requires hunting down the exact path that the options reside at. So that is pretty much what is happening, me taking your notes and formatting them as I insert them into a test kernel that I expect to fail due to hardware insufficiency.

Netfilter nf_tables payload module (NFT_PAYLOAD) [N/m] (NEW) m I couldn't find in 3.13.4; the rest are posted though.
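
A check for the kernel options listed in the second post, reporting each one as enabled, disabled or absent from the config (the last case covers an option like the one the final post could not find). This is an added example, not part of the original thread; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the state of nf_tables kernel
# options in a kernel .config. Function names here are illustrative.

# Subset of the option list posted in the thread; extend as needed.
NFT_SYMBOLS="NF_TABLES NFT_PAYLOAD NFT_META NFT_CT NFT_COUNTER NFT_LOG NFT_LIMIT NFT_NAT NF_TABLES_IPV4 NF_TABLES_IPV6"

# kconfig_state FILE SYMBOL: print enabled, disabled or absent.
kconfig_state() {
    if grep -Eq "^CONFIG_$2=[ym]\$" "$1"; then
        echo enabled
    elif grep -q "^# CONFIG_$2 is not set\$" "$1"; then
        echo disabled
    else
        # No line at all: the option does not exist in this kernel version,
        # or a parent option it depends on is switched off.
        echo absent
    fi
}

# nft_kconfig_report FILE: one "SYMBOL state" line per symbol.
# Returns 1 if any option is disabled (kernel rebuild needed), else 0.
nft_kconfig_report() {
    rc=0
    for sym in $NFT_SYMBOLS; do
        state=$(kconfig_state "$1" "$sym")
        echo "$sym $state"
        if [ "$state" = disabled ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: nf_tables core is built but IPv4 family support is not,
# and NFT_PAYLOAD has no entry at all.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NF_TABLES=m
CONFIG_NFT_META=m
CONFIG_NFT_CT=m
CONFIG_NFT_COUNTER=m
# CONFIG_NFT_LOG is not set
CONFIG_NFT_LIMIT=m
CONFIG_NFT_NAT=m
# CONFIG_NF_TABLES_IPV4 is not set
CONFIG_NF_TABLES_IPV6=m
EOF
}

# Demo: check the file given as $1, or the constructed sample if none is given.
tmp=$(mktemp); write_sample_config "$tmp"
nft_kconfig_report "${1:-$tmp}" || echo "rebuild needed: an option is disabled"
rm -f "$tmp"
```

Pass a path such as /usr/src/linux/.config as the first argument to check a real kernel configuration instead of the sample.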
All times are GMT