Nf_tables modules not found.
Nf_tables modules not found.
I tried to setup nftables in Porteus but got "Initialisation Error" since nf_tables module is missing.
I tried to enable it but since kernel config does not have NFT it also failed.
root@porteus:/home/guest# modprobe configs && zcat /proc/config.gz | grep NFT
root@porteus:/home/guest#
show no ouput
How can I change and enable NFT config in the kernel.
Do I need to create custom kernel
Please advise.
I tried to enable it but since kernel config does not have NFT it also failed.
root@porteus:/home/guest# modprobe configs && zcat /proc/config.gz | grep NFT
root@porteus:/home/guest#
show no ouput
How can I change and enable NFT config in the kernel.
Do I need to create custom kernel
Please advise.
- ncmprhnsbl
- DEV Team
- Posts: 3938
- Joined: 20 Mar 2012, 03:42
- Distribution: v5.0-64bit
- Location: australia
- Contact:
Nf_tables modules not found.
as it is now:
Code: Select all
# CONFIG_NF_TABLES is not set
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44
- Blaze
- DEV Team
- Posts: 3885
- Joined: 28 Dec 2010, 11:31
- Distribution: ⟰ Porteus current ☯ all DEs ☯
- Location: ☭ Russian Federation, Lipetsk region, Dankov
- Contact:
Nf_tables modules not found.
Hi Testuser.
Try this kernel Porteus Kernel Builder (Пост Blaze #91353)
Try this kernel Porteus Kernel Builder (Пост Blaze #91353)
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
Nf_tables modules not found.
Thanks much ncmp and Blaze for the quick reply.
Blaze, I will try the kernel you provided and test it.
Blaze, I will try the kernel you provided and test it.
Nf_tables modules not found.
Hi Blaze,
I have tried nftables again.
root@porteus:/home/guest# iptables-restore-translate -f iptables_rules.txt > nft_ruleset.nft
root@porteus:/home/guest# nft -f nft_ruleset.nft
nft_ruleset.nft:2:1-20: Error: Could not process rule: Operation not supported
add table ip filter
^^^^^^^^^^^^^^^^^^^^
nft_ruleset.nft:3:14-19: Error: No such file or directory; did you mean chain ‘INPUT’ in table ip ‘filter’?
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
-----------------------------------------------------------------------------------------------------------------------------------
guest@porteus:~$ sudo modinfo nf_tables
name: nf_tables
filename: (builtin)
alias: nfnetlink-subsys-10
author: Patrick McHardy <kaber@trash.net>
license: GPL
file: net/netfilter/nf_tables
Seems nf_tables is builtin to kernel but, sudo modproble shows nothing - guest@porteus:~$ sudo modprobe nf_tables
Seems we need to have below config enabled in kernel, not sure
sudo modprobe configs && zcat /proc/config.gz | grep NF_TAB
Password:
CONFIG_NF_TABLES=y
# CONFIG_NF_TABLES_INET is not set
# CONFIG_NF_TABLES_NETDEV is not set
# CONFIG_NF_TABLES_IPV4 is not set
# CONFIG_NF_TABLES_ARP is not set
# CONFIG_NF_TABLES_IPV6 is not set
# CONFIG_NF_TABLES_BRIDGE is not set
# CONFIG_NF_FLOW_TABLE is not set
I have tried nftables again.
root@porteus:/home/guest# iptables-restore-translate -f iptables_rules.txt > nft_ruleset.nft
root@porteus:/home/guest# nft -f nft_ruleset.nft
nft_ruleset.nft:2:1-20: Error: Could not process rule: Operation not supported
add table ip filter
^^^^^^^^^^^^^^^^^^^^
nft_ruleset.nft:3:14-19: Error: No such file or directory; did you mean chain ‘INPUT’ in table ip ‘filter’?
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
-----------------------------------------------------------------------------------------------------------------------------------
guest@porteus:~$ sudo modinfo nf_tables
name: nf_tables
filename: (builtin)
alias: nfnetlink-subsys-10
author: Patrick McHardy <kaber@trash.net>
license: GPL
file: net/netfilter/nf_tables
Seems nf_tables is builtin to kernel but, sudo modproble shows nothing - guest@porteus:~$ sudo modprobe nf_tables
Seems we need to have below config enabled in kernel, not sure
sudo modprobe configs && zcat /proc/config.gz | grep NF_TAB
Password:
CONFIG_NF_TABLES=y
# CONFIG_NF_TABLES_INET is not set
# CONFIG_NF_TABLES_NETDEV is not set
# CONFIG_NF_TABLES_IPV4 is not set
# CONFIG_NF_TABLES_ARP is not set
# CONFIG_NF_TABLES_IPV6 is not set
# CONFIG_NF_TABLES_BRIDGE is not set
# CONFIG_NF_FLOW_TABLE is not set
- babam
- Warlord
- Posts: 528
- Joined: 16 Nov 2016, 10:30
- Distribution: Porteus 5.0rc3 Xfce K6.1.1
- Location: Rainy city
Nf_tables modules not found.
On Slackware
Code: Select all
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_NETDEV=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_TABLES_IPV6=y
CONFIG_NF_TABLES_BRIDGE=m
Sorry, my English is bad.
- ncmprhnsbl
- DEV Team
- Posts: 3938
- Joined: 20 Mar 2012, 03:42
- Distribution: v5.0-64bit
- Location: australia
- Contact:
Nf_tables modules not found.
possibly more too..
here's what the standard arch kernel(@6.0.10) has:
Code: Select all
#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_INGRESS=y
CONFIG_NETFILTER_EGRESS=y
CONFIG_NETFILTER_SKIP_EGRESS=y
CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_FAMILY_BRIDGE=y
CONFIG_NETFILTER_FAMILY_ARP=y
CONFIG_NETFILTER_NETLINK_HOOK=m
CONFIG_NETFILTER_NETLINK_ACCT=m
CONFIG_NETFILTER_NETLINK_QUEUE=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NETFILTER_NETLINK_OSF=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_LOG_SYSLOG=m
CONFIG_NETFILTER_CONNCOUNT=m
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y
CONFIG_NF_CT_PROTO_DCCP=y
CONFIG_NF_CT_PROTO_GRE=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CT_PROTO_UDPLITE=y
CONFIG_NF_CONNTRACK_AMANDA=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_BROADCAST=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_SNMP=m
CONFIG_NF_CONNTRACK_PPTP=m
CONFIG_NF_CONNTRACK_SANE=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NF_CT_NETLINK=m
CONFIG_NF_CT_NETLINK_TIMEOUT=m
CONFIG_NF_CT_NETLINK_HELPER=m
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_REDIRECT=y
CONFIG_NF_NAT_MASQUERADE=y
CONFIG_NETFILTER_SYNPROXY=m
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_NETDEV=y
CONFIG_NFT_NUMGEN=m
CONFIG_NFT_CT=m
CONFIG_NFT_FLOW_OFFLOAD=m
CONFIG_NFT_CONNLIMIT=m
CONFIG_NFT_LOG=m
CONFIG_NFT_LIMIT=m
CONFIG_NFT_MASQ=m
CONFIG_NFT_REDIR=m
CONFIG_NFT_NAT=m
CONFIG_NFT_TUNNEL=m
CONFIG_NFT_OBJREF=m
CONFIG_NFT_QUEUE=m
CONFIG_NFT_QUOTA=m
CONFIG_NFT_REJECT=m
CONFIG_NFT_REJECT_INET=m
CONFIG_NFT_COMPAT=m
CONFIG_NFT_HASH=m
CONFIG_NFT_FIB=m
CONFIG_NFT_FIB_INET=m
CONFIG_NFT_XFRM=m
CONFIG_NFT_SOCKET=m
CONFIG_NFT_OSF=m
CONFIG_NFT_TPROXY=m
CONFIG_NFT_SYNPROXY=m
CONFIG_NF_DUP_NETDEV=m
CONFIG_NFT_DUP_NETDEV=m
CONFIG_NFT_FWD_NETDEV=m
CONFIG_NFT_FIB_NETDEV=m
CONFIG_NFT_REJECT_NETDEV=m
CONFIG_NF_FLOW_TABLE_INET=m
CONFIG_NF_FLOW_TABLE=m
CONFIG_NF_FLOW_TABLE_PROCFS=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XTABLES_COMPAT=y
#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_SOCKET_IPV4=m
CONFIG_NF_TPROXY_IPV4=m
CONFIG_NF_TABLES_IPV4=y
CONFIG_NFT_REJECT_IPV4=m
CONFIG_NFT_DUP_IPV4=m
CONFIG_NFT_FIB_IPV4=m
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_DUP_IPV4=m
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_REJECT_IPV4=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_SYNPROXY=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# end of IP: Netfilter Configuration
#
# IPv6: Netfilter Configuration
#
CONFIG_NF_SOCKET_IPV6=m
CONFIG_NF_TPROXY_IPV6=m
CONFIG_NF_TABLES_IPV6=y
CONFIG_NFT_REJECT_IPV6=m
CONFIG_NFT_DUP_IPV6=m
CONFIG_NFT_FIB_IPV6=m
CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_SRH=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_TARGET_SYNPROXY=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP6_NF_SECURITY=m
CONFIG_IP6_NF_NAT=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
CONFIG_IP6_NF_TARGET_NPT=m
# end of IPv6: Netfilter Configuration
Code: Select all
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_TABLES_BRIDGE=m
CONFIG_NFT_BRIDGE_META=m
CONFIG_NFT_BRIDGE_REJECT=m
CONFIG_NF_CONNTRACK_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
what is or isn't relevent here, i've no idea.. seems like a lot though..
ooops, ;P prolly should have looked at our config first.. most of that is already there ..carry on
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44
- Blaze
- DEV Team
- Posts: 3885
- Joined: 28 Dec 2010, 11:31
- Distribution: ⟰ Porteus current ☯ all DEs ☯
- Location: ☭ Russian Federation, Lipetsk region, Dankov
- Contact:
Nf_tables modules not found.
@guys, how about remove iptables and switch on Nftables in kernel?
Any suggestions are welcome!
Any suggestions are welcome!
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
- ncmprhnsbl
- DEV Team
- Posts: 3938
- Joined: 20 Mar 2012, 03:42
- Distribution: v5.0-64bit
- Location: australia
- Contact:
Nf_tables modules not found.
the only reason i'd be hesitant(to remove iptables) at this point would be that our firewall script could be broken by this...
for sure, this is something that is old and needs work...
Forum Rules : https://forum.porteus.org/viewtopic.php?f=35&t=44
- Blaze
- DEV Team
- Posts: 3885
- Joined: 28 Dec 2010, 11:31
- Distribution: ⟰ Porteus current ☯ all DEs ☯
- Location: ☭ Russian Federation, Lipetsk region, Dankov
- Contact:
Nf_tables modules not found.
ncmprhnsbl, openwrt project is removed iptables and now is use Nftables
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
-
- Full of knowledge
- Posts: 2070
- Joined: 17 Jun 2013, 13:17
- Distribution: Porteus 3.2.2 XFCE 32bit
- Location: Germany
Nf_tables modules not found.
Hmmm...as long as iptables does what it is supposed to do, why change it?
What would be the advantage of using nftables?
What would be the advantage of using nftables?
- Blaze
- DEV Team
- Posts: 3885
- Joined: 28 Dec 2010, 11:31
- Distribution: ⟰ Porteus current ☯ all DEs ☯
- Location: ☭ Russian Federation, Lipetsk region, Dankov
- Contact:
Nf_tables modules not found.
Hi Testuser.
Ok, can you test nftables with this kernel Porteus Kernel Builder (Пост Blaze #91916) ?
Ok, can you test nftables with this kernel Porteus Kernel Builder (Пост Blaze #91916) ?
but more info is here nftables vs. iptables
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16
- babam
- Warlord
- Posts: 528
- Joined: 16 Nov 2016, 10:30
- Distribution: Porteus 5.0rc3 Xfce K6.1.1
- Location: Rainy city
Nf_tables modules not found.
I think it needs all CONFIG_NF_TABLES* and CONFIG_NFT_* from Slackware.ncmprhnsbl wrote: ↑05 Dec 2022, 04:44possibly other stuff that isn't explicitly "NF"
what is or isn't relevent here, i've no idea.. seems like a lot though..
https://wiki.nftables.org/wiki-nftables ... stallation
Sorry, my English is bad.
Nf_tables modules not found.
Thanks Blaze and I will test and update once I am freeBlaze wrote: ↑06 Dec 2022, 17:18Ok, can you test nftables with this kernel Porteus Kernel Builder (Пост Blaze #91916) ?