View Issue Details

ID: 0007426
Project: Rocky-Linux-9
Category: nftables
View Status: public
Last Update: 2024-07-14 14:43
Reporter: Antonio Lo Russo
Assigned To: (none)
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Platform: Rocky Linux 9
OS: Rocky Linux 9.4
OS Version: 9.4
Summary: 0007426: nftables doesn't start at boot and it loads a strange conf
Description:
Hi,
I had my server with Rocky Linux 9.3 and the nftables service running properly with a custom configuration.
After the update to 9.4 the service doesn't start at boot and it loads a wrong configuration:

[root@pet-rp-01 ~]# systemctl status nftables
○ nftables.service - Netfilter Tables
     Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:nft(8)
[root@pet-rp-01 ~]#
[root@pet-rp-01 ~]#
[root@pet-rp-01 ~]# nft list ruleset
table inet firewalld {
    chain mangle_PREROUTING {
        type filter hook prerouting priority mangle + 10; policy accept;
        jump mangle_PREROUTING_ZONES
    }
.......
    chain mangle_PRE_policy_allow-host-ipv6_post {
    }
}

Then, after the server boots, if I manually start the service, it runs properly and my configuration is loaded correctly:

[root@pet-rp-01 ~]# systemctl start nftables
[root@pet-rp-01 ~]# systemctl status nftables
● nftables.service - Netfilter Tables
     Loaded: loaded (/usr/lib/systemd/system/nftables.service; enabled; preset: disabled)
     Active: active (exited) since Sun 2024-07-14 16:41:46 CEST; 7s ago
       Docs: man:nft(8)
    Process: 1667 ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf (code=exited, status=0/SUCCESS)
   Main PID: 1667 (code=exited, status=0/SUCCESS)
        CPU: 34ms

lug 14 16:41:46 pet-rp-01 systemd[1]: Starting Netfilter Tables...
lug 14 16:41:46 pet-rp-01 systemd[1]: Finished Netfilter Tables.
[root@pet-rp-01 ~]#
[root@pet-rp-01 ~]# nft list ruleset
table inet fw_table {
    chain filter_chain {
        tcp dport 22 accept
        tcp dport 443 accept
    }
}

Here are the versions currently installed:

[root@pet-rp-01 ~]# rpm -qa|grep nft
libnftnl-1.2.6-2.el9.x86_64
nftables-1.0.9-1.el9.x86_64
iptables-nft-1.8.10-2.el9.x86_64
python3-nftables-1.0.9-1.el9.x86_64

Thanks,
Antonio
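A small boot-time health check for the state the report describes (nftables.service enabled but inactive, and the loaded ruleset containing firewalld's table instead of the custom one). This is an added example, not code from the report or from the Rocky Linux project; the classification names, the expected table name `fw_table` and the two sample rulesets are constructed to mirror the output quoted above.

```shell
#!/bin/sh
# Added example (not from the bug report): classify the nftables state
# seen after boot. Live use assumes systemctl and nft are on PATH.

# ruleset_has_table RULESET_TEXT TABLE_NAME -> exit 0 if "table inet TABLE_NAME" is defined
ruleset_has_table() {
    printf '%s\n' "$1" | grep -q "^table inet $2 {"
}

# classify_state ENABLED ACTIVE RULESET_TEXT EXPECTED_TABLE
# Prints one of: disabled, firewalld-loaded-nftables-dead, nftables-dead, wrong-ruleset, ok
classify_state() {
    enabled=$1; active=$2; ruleset=$3; expected=$4
    if [ "$enabled" != "enabled" ]; then
        echo disabled; return 0
    fi
    if [ "$active" != "active" ]; then
        # The report's symptom: unit enabled but dead, firewalld's table present
        if ruleset_has_table "$ruleset" firewalld; then
            echo firewalld-loaded-nftables-dead
        else
            echo nftables-dead
        fi
        return 0
    fi
    if ruleset_has_table "$ruleset" "$expected"; then
        echo ok
    else
        echo wrong-ruleset
    fi
}

# live_check EXPECTED_TABLE: gather the real state from the running host
live_check() {
    classify_state "$(systemctl is-enabled nftables 2>/dev/null)" \
                   "$(systemctl is-active nftables 2>/dev/null)" \
                   "$(nft list ruleset 2>/dev/null)" "$1"
}

# Constructed samples shaped like the two "nft list ruleset" outputs in the report
SAMPLE_BOOT='table inet firewalld {
    chain mangle_PREROUTING {
    }
}'
SAMPLE_STARTED='table inet fw_table {
    chain filter_chain {
        tcp dport 22 accept
    }
}'
```

On the affected host, `live_check fw_table` run after boot prints `firewalld-loaded-nftables-dead`, and `ok` once `systemctl start nftables` has loaded the custom table.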
Tags: No tags attached.

Activities

There are no notes attached to this issue.

Issue History

Date Modified | Username | Field | Change
2024-07-14 14:43 | Antonio Lo Russo | New Issue | 