Hi All! After using iptables for years, I'm using nftables on Debian 11 for the first time, and have encountered a weird issue which may just be due to my own lack of experience with this. FYI, I'm doing everything here as root.

I have a valid ruleset stored in the file /root/nftables/ruleset.txt. When I run this, it works:

    nft -f -
    flush ruleset
    include "/root/nftables/ruleset.txt"
    <CTRL-D>

I then run "nft list ruleset" and get the expected results. But when I put this in /etc/nftables.conf...

    #!/usr/sbin/nft -f
    flush ruleset
    include "/root/nftables/ruleset.txt"

This happens...

    # systemctl start nftables
    Job for nftables.service failed because the control process exited with error code.
    See "systemctl status nftables.service" and "journalctl -xe" for details.

    # systemctl status nftables
    ● nftables.service - nftables
         Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
         Active: failed (Result: exit-code) since Mon 2022-10-03 16:48:55 EDT; 9s ago
           Docs: man:nft(8)
                 http://wiki.nftables.org
        Process: 926 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
       Main PID: 926 (code=exited, status=1/FAILURE)
            CPU: 14ms

    Oct 03 16:48:55 host systemd[1]: Starting nftables...
    Oct 03 16:48:55 host nft[926]: /etc/nftables.conf:4:1-37: Error: File not found: /root/nftables/ruleset.txt
    Oct 03 16:48:55 host nft[926]: include "/root/nftables/ruleset.txt"
    Oct 03 16:48:55 host nft[926]: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    Oct 03 16:48:55 host systemd[1]: nftables.service: Main process exited, code=exited, status=1/FAILURE
    Oct 03 16:48:55 host systemd[1]: nftables.service: Failed with result 'exit-code'.
    Oct 03 16:48:55 host systemd[1]: Failed to start nftables.

Does anyone know why nft will load the included file manually but throws an error when doing it through systemd?

Thanks!
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him
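An added diagnostic, not part of Dave's post: it assumes the stock Debian nftables.service, which sandboxes nft with ProtectHome=yes so that /root, /home and /run/user appear empty to the service even though it runs as root. The script pulls the include paths out of an nft config and flags any that such a unit could not read; the config file and the ProtectHome value are constructed here, and on a live host the value would come from `systemctl show -p ProtectHome --value nftables.service`.

```shell
#!/bin/sh
# Constructed sample config, mirroring the one in the post (paths contain no whitespace).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
include "/root/nftables/ruleset.txt"
include "/etc/nftables.d/local.nft"
EOF

# Print every path named by an `include "..."` directive in the file given as $1.
nft_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# $1 = include path, $2 = the unit's ProtectHome value (yes, read-only, tmpfs or no).
# Returns 0 if a service with that setting can read the path, 1 if the path is hidden.
# ProtectHome=yes makes the home directories inaccessible; tmpfs mounts an empty
# tmpfs over them; read-only still allows reading, so includes keep working.
include_visible() {
    case "$2" in
        yes|tmpfs)
            case "$1" in
                /root/*|/home/*|/run/user/*) return 1 ;;
            esac ;;
    esac
    return 0
}

# Report each include in config $1 under ProtectHome value $2; exit 1 if any is hidden.
check_conf() {
    rc=0
    for p in $(nft_includes "$1"); do
        if include_visible "$p" "$2"; then
            echo "ok      $p"
        else
            echo "HIDDEN  $p  (ProtectHome=$2 hides it from the service)"
            rc=1
        fi
    done
    return $rc
}

# Demo with the stock unit's setting; a non-zero status means nft -f would fail under systemd.
check_conf "$SAMPLE_CONF" yes ||
    echo "fix: move the include under /etc, or override ProtectHome in a drop-in for the unit"
```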