Package: nftables
Version: 0.6+snapshot20161117-2
Severity: normal

Dear Maintainer,

The latest snapshot of nftables adds a notrack target that may
be used to disable connection tracking for selected packets:

#!/usr/sbin/nft -f

flush ruleset

table inet raw {
        chain prerouting {
                type filter hook prerouting priority -300;
                iif lo notrack
        }
        chain output {
                type filter hook output priority -300;
                oif lo notrack
        }
}

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;
                ct state established,related,untracked accept
        }
        chain forward {
                type filter hook forward priority 0; policy drop;
        }
        chain output {
                type filter hook output priority 0; policy accept;
        }
}
Loading the above ruleset fails with

# /etc/nftables.conf
/etc/nftables.conf:5:1-2: Error: Could not process rule: No such file or directory
table inet raw {
^^
/etc/nftables.conf:5:1-2: Error: Could not process rule: No such file or directory
table inet raw {
^^

I tried both linux-image-4.8.0-1-amd64 and linux-image-4.9.0-rc5-amd64-unsigned.

Regards,
Peter
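The ENOENT ("No such file or directory") that nf_tables hands back here is what the kernel returns when an expression type is unknown to it even after a module autoload attempt (it is also the errno for a missing table or chain, so it is a hint rather than a proof). A practitioner hitting this on a given kernel usually wants to know, before touching the live ruleset, whether that kernel accepts a `notrack` statement at all. The script below is an added example and is not part of the bug report or of the nftables project: it maps the errno text nft prints to a likely cause and probes `iif lo notrack` inside a throwaway network namespace (`unshare -n`), so the host ruleset is never modified. The table name `probe_tmp`, the chain name `pre` and the exit-status convention are arbitrary choices made for this example.

```shell
#!/bin/sh
# Added example (not the reporter's or the nftables project's code):
# check whether the running kernel accepts nft's 'notrack' statement
# without touching the host ruleset.

# Map the errno text at the end of an nft error line to a short cause.
# ENOENT is what nf_tables returns for an expression type it does not know
# (after trying to autoload a module), but also for a missing table/chain.
classify_nft_error() {
    case "$1" in
        *"No such file or directory"*) echo "enoent: expression, table or chain unknown to this kernel" ;;
        *"Operation not supported"*)   echo "eopnotsupp: statement or attribute not supported" ;;
        *"Operation not permitted"*)   echo "eperm: nft needs CAP_NET_ADMIN (run as root)" ;;
        *"Invalid argument"*)          echo "einval: kernel rejected the attribute encoding" ;;
        *)                             echo "other: $1" ;;
    esac
}

# Probe 'iif lo notrack' in a fresh network namespace.
# Returns 0 if the rule loads, 1 if the kernel rejects the rule (the cause
# from classify_nft_error is printed), 2 if the probe itself cannot run
# (no nft, no unshare, not root, or the scratch table/chain failed).
probe_notrack() {
    command -v nft >/dev/null 2>&1 || return 2
    command -v unshare >/dev/null 2>&1 || return 2
    [ "$(id -u)" -eq 0 ] || return 2

    # Table 'probe_tmp' and base chain 'pre' (arbitrary names) mirror the
    # reporter's raw/prerouting setup; everything runs in one unshare -n
    # so all three nft calls see the same throwaway namespace.
    out=$(unshare -n sh -c '
        nft add table inet probe_tmp || exit 2
        nft add chain inet probe_tmp pre "{ type filter hook prerouting priority -300; }" || exit 2
        nft add rule inet probe_tmp pre iif lo notrack || exit 1
    ' 2>&1)
    rc=$?

    case $rc in
        0) return 0 ;;
        1) classify_nft_error "$out"; return 1 ;;
        *) return 2 ;;
    esac
}

# Usage: run as root before loading a ruleset that relies on notrack.
rc=0
probe_notrack || rc=$?
case $rc in
    0) echo "notrack: accepted by the running kernel" ;;
    1) echo "notrack: rejected by the running kernel (see cause above)" ;;
    *) echo "notrack: probe skipped (needs nft, unshare and root)" ;;
esac
```

The probe deliberately uses a hooked base chain rather than a regular chain, because that is the shape of the reporter's failing ruleset; since it lives in a private namespace, the brief prerouting chain there sees no host traffic. A result of 1 with the ENOENT cause on a kernel older than the one that introduced the statement is consistent with the report: the same ruleset loads or fails depending only on what the kernel implements, not on the nft binary.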
