Package: nftables
Version: 0.6+snapshot20161117-2
Severity: normal

Dear Maintainer,

The latest snapshot of nftables adds a notrack target that may be used to disable connection tracking for selected packets:

#!/usr/sbin/nft -f

flush ruleset

table inet raw {
    chain prerouting {
        type filter hook prerouting priority -300;
        iif lo notrack
    }
    chain output {
        type filter hook output priority -300;
        oif lo notrack
    }
}

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related,untracked accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}

Loading the above ruleset fails with

# /etc/nftables.conf
/etc/nftables.conf:5:1-2: Error: Could not process rule: No such file or directory
table inet raw {
^^
/etc/nftables.conf:5:1-2: Error: Could not process rule: No such file or directory
table inet raw {
^^

I tried both linux-image-4.8.0-1-amd64 and linux-image-4.9.0-rc5-amd64-unsigned.

Regards,
Peter