I'm using nftables to implement firewall rules. I have some rules which I need to apply to vmbr1 and the fwbr interfaces. I create my test config file thus:
Code:
#!/usr/sbin/nft -f
flush ruleset
table netdev filterearly {
chain ingress {
type filter hook ingress device enp3s0 priority 0; policy accept;
meta iif vmbr1 ip daddr 192.168.0.0/16 accept;
}
}
nft -f /etc/nftables.conf successfully loads the configuration. However, upon reboot my nft list ruleset is blank. With systemctl status nftables I find that the "interface does not exist":
Code:
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2020-12-14 15:41:53 GMT; 5min ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 417 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
Main PID: 417 (code=exited, status=1/FAILURE)
Dec 14 15:41:53 PXM nft[417]: /etc/nftables.conf:29:18-22: Error: Interface does not exist
Dec 14 15:41:53 PXM nft[417]: meta iif vmbr1 ip daddr 192.168.0.0/16 accept;
Dec 14 15:41:53 PXM nft[417]: ^^^^^
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
This is also the same for the fwbr interfaces. It also gives me errors (after rebooting) when I try to use the virtual interfaces in the netdev ingress chains. How could I remedy this issue?

Thanks in advance.
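An added example, not part of the original post and not an answer given in the thread, that puts the posted rule beside the same match written with `iifname`. The relevant difference is that `iif` is resolved to the kernel interface index when `nft -f` loads the file, so the named interface must already exist at that moment; `iifname` is compared as a string against each packet's input device, so the rule loads even if vmbr1 has not been created yet. The device in the chain's `device` clause is still bound at load time, so that part is left as it was. The names `enp3s0`, `vmbr1` and the table/chain names are taken from the post.

```nft
#!/usr/sbin/nft -f
flush ruleset

table netdev filterearly {
    chain ingress {
        type filter hook ingress device enp3s0 priority 0; policy accept;

        # As posted: "iif" is converted to the interface index at load time,
        # so this line fails with "Interface does not exist" whenever vmbr1
        # has not been created yet (for example when nftables.service starts
        # before the bridges are brought up).
        # meta iif vmbr1 ip daddr 192.168.0.0/16 accept

        # Same match by name: compared as a string per packet, so the rule
        # loads whether or not vmbr1 exists at the time the file is read.
        meta iifname "vmbr1" ip daddr 192.168.0.0/16 accept
    }
}
```

A file can be validated without committing it using `nft -c -f /etc/nftables.conf` (`-c`/`--check` parses and checks the ruleset but does not apply it), which is a quick way to see whether a rule depends on an interface that is not present. Note that `device enp3s0` in the chain definition is still resolved when the chain is created, so a virtual bridge named there also has to exist at load time; the `iifname` change only helps for the per-rule match, which is the line the journal output in the post points at.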