How do I enable and use nftables?

How do I enable nftables and start playing with it? I just upgraded to 8.2.

Update: Found it in Datacenter > Node > Firewall > Options > nftables > enable.
 
Enabled, all rules in iptables are removed, but no new rules added to nftables -> ending up without any firewall -> revert.
 
Update: the proxmox-firewall service fails if there are aliases not referenced by the new "dc/" or "guest/" notation. After replacing all of them and restarting the firewall, nftables rules are created.
 
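A pre-flight check for the alias issue described in the post above, as an added example that is not part of the thread and not Proxmox's own code: it scans firewall config text for alias names in `-source`/`-dest` that lack the `dc/` or `guest/` prefix. The file layout (`[ALIASES]`/`[RULES]` sections, comma-separated values, `+` for IP set references) is an assumption, and the sample config is constructed.

```python
import ipaddress
import re

# Constructed sample; the .fw section layout shown here is an assumption.
SAMPLE_FW = """\
[ALIASES]
mgmt 192.0.2.10 # admin workstation
backup 198.51.100.0/24

[RULES]
IN ACCEPT -source mgmt -p tcp -dport 22
IN ACCEPT -source dc/backup -p tcp -dport 8007
IN ACCEPT -source 203.0.113.5,mgmt -dest guest/web -p tcp -dport 443
IN DROP -source +blocklist
"""

ADDR_OPT = re.compile(r"-(source|dest)\s+(\S+)")
SCOPES = ("dc/", "guest/")  # the two prefixes named in the post


def is_literal(value):
    """True for a plain address, a CIDR network or an a-b address range."""
    try:
        for part in value.split("-"):
            ipaddress.ip_network(part, strict=False)
        return True
    except ValueError:
        return False


def unscoped_aliases(fw_text):
    """Return (line_no, option, name) for alias references without a scope prefix."""
    findings, section = [], None
    for line_no, raw in enumerate(fw_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("["):
            words = line.strip("[]").split()
            section = words[0].upper() if words else None
            continue
        if section != "RULES":
            continue
        for option, values in ADDR_OPT.findall(line):
            for value in filter(None, values.split(",")):
                # Skip IP set references, already-scoped aliases and literals.
                if value.startswith("+") or value.startswith(SCOPES) or is_literal(value):
                    continue
                findings.append((line_no, option, value))
    return findings
```

Calling `unscoped_aliases()` on the text of each firewall config before switching to nftables lists the bare alias names that still need a prefix; an empty list means none were found in `-source`/`-dest`.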
In the spirit of gathering 8.2 nftables limitations...

I think I'm having difficulties with an out DROP rule that's also blocking the "SYN ACK" stage of establishing an inbound TCP connection. Some precedence issue with the usual related/established boilerplate I suspect.
 
