Hi all,
I have a problem with nftables.
I keep getting the following message:
Code
$ sudo service nftables status
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2017-10-23 14:29:43 CEST; 16min ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 319 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=255)
Main PID: 319 (code=exited, status=255)
Okt 23 14:29:42 caodb systemd[1]: Starting nftables...
Okt 23 14:29:43 caodb systemd[1]: nftables.service: Main process exited, code=exited, status=255/n/a
Okt 23 14:29:43 caodb systemd[1]: Failed to start nftables.
Okt 23 14:29:43 caodb systemd[1]: nftables.service: Unit entered failed state.
Okt 23 14:29:43 caodb systemd[1]: nftables.service: Failed with result 'exit-code'.
So there seems to be a problem with the config.
It looks fine to me, though:
Code
#!/usr/sbin/nft -f
# The shebang only matters when the file is executed directly; the unit file
# above loads it with "/usr/sbin/nft -f /etc/nftables.conf" anyway.
table inet filter {
    chain input {
        type filter hook input priority 0;
        # allow established/related connections
        ct state {established, related} accept
        # early drop of invalid connections
        ct state invalid drop
        # allow from loopback
        iifname lo accept
        # allow icmp (v4 and v6)
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        # allow ssh
        tcp dport {ssh} accept
        # everything else
        reject with icmp type port-unreachable
    }
    chain forward {
        type filter hook forward priority 0;
        # no forwarding at all
        drop
    }
    chain output {
        type filter hook output priority 0;
    }
}
Does anyone have an idea?
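An added example, not part of the post above: the systemd status output only shows that nft exited with status 255, while nft's own parse error goes to stderr (visible with journalctl -u nftables, or by running nft by hand). This helper dry-runs a ruleset file with `nft -c -f` and prints the config line that nft's `FILE:LINE:COL` error location points at; the NFT variable, the helper names and the sample error text are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example: validate an nftables ruleset file before (re)starting the
# service. `nft -c -f FILE` checks the ruleset without applying it.
# NFT defaults to the binary path used by the unit file; it can be overridden
# (e.g. with a stub) for testing.
NFT="${NFT:-/usr/sbin/nft}"

# nft_error_line ERRTEXT
# nft reports parse errors as "FILE:LINE:COL-COL: Error: ..."; print the
# first LINE number found in ERRTEXT (nothing if there is none).
nft_error_line() {
    printf '%s\n' "$1" \
        | sed -n 's/^[^:]*:\([0-9][0-9]*\):[^:]*: Error:.*/\1/p' \
        | head -n 1
}

# nft_check_conf FILE
# Returns nft's exit status. On failure prints nft's message plus the
# offending line of FILE, so the cause is visible without journalctl.
nft_check_conf() {
    conf="$1"
    rc=0
    # capture stderr (the error text), discard stdout
    err=$("$NFT" -c -f "$conf" 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "ok: $conf parses and would load cleanly"
        return 0
    fi
    echo "nft exited with status $rc:"
    echo "$err"
    line=$(nft_error_line "$err")
    if [ -n "$line" ]; then
        echo "offending line $line of $conf:"
        sed -n "${line}p" "$conf"
    fi
    return "$rc"
}

# usage: ./check-nft.sh /etc/nftables.conf
if [ "$#" -gt 0 ]; then
    nft_check_conf "$1"
fi
```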