12

I am trying to apply the nftables rule below, which I adopted from this guide:

nft add rule filter INPUT tcp flags != syn counter drop

Somehow this ends up with:

Error: Could not process rule: No such file or directory

Can anyone spot what exactly I might be missing in this rule?

Bitmap

3 Answers

12

You're probably missing your table or chain.

nft list ruleset

will give you what you are working with. If it prints out nothing, you're missing both.

nft add table ip filter # create table
nft add chain ip filter INPUT { type filter hook input priority 0 \; } # create chain

Then you should be able to add your rule to the chain.

NOTE: If you're logged in with ssh, your connection will be suspended.

Vivian
  • When I ran the `INPUT` one, I got `zsh: parse error near \`}'`. This can be fixed by adding another backslash in front of the closing curly bracket. Hope this helps someone! – ajmeese7 Apr 16 '23 at 01:27
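The "No such file or directory" in the error is errno ENOENT: nft reports it whenever the kernel cannot find something the command refers to, here the `filter` table or the `INPUT` chain. The following script is an added example, not code from the question or from this answer. It parses the output of `nft list ruleset` to say exactly which object is missing, then writes the table, chain and rule as one `nft -f` script, which is applied atomically and needs none of the `{ ... \; }` quoting that bash and zsh handle differently. The family `ip` is assumed because `nft add rule filter ...` without a family means `ip`; the `policy accept` on the chain and the `NFT_APPLY` guard are my additions.

```shell
#!/bin/sh
# Added example (not from the question or the answers). Diagnoses the
# ENOENT from `nft add rule` by inspecting `nft list ruleset`, then creates
# what is missing with a single atomic `nft -f` script.

FAMILY=ip        # assumed: `nft add rule filter ...` defaults to the ip family
TABLE=filter
CHAIN=INPUT

# $1 = text of `nft list ruleset`, $2 = family, $3 = table
has_table() {
    printf '%s\n' "$1" | awk -v fam="$2" -v tbl="$3" '
        $1 == "table" && $2 == fam && $3 == tbl { found = 1 }
        END { exit found ? 0 : 1 }'
}

# $1 = dump, $2 = family, $3 = table, $4 = chain. nft indents chains with a
# tab and closes a table with an unindented "}", which ends the scan.
has_chain() {
    printf '%s\n' "$1" | awk -v fam="$2" -v tbl="$3" -v ch="$4" '
        $1 == "table" && $2 == fam && $3 == tbl { in_table = 1; next }
        in_table && $0 == "}"                    { in_table = 0 }
        in_table && $1 == "chain" && $2 == ch     { found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Prints the first thing the rule needs that the dump lacks, or "ok".
diagnose() {
    if ! has_table "$1" "$2" "$3"; then
        echo "missing: table $2 $3"
    elif ! has_chain "$1" "$2" "$3" "$4"; then
        echo "missing: chain $4 in table $2 $3"
    else
        echo "ok"
    fi
}

# The nft script that sets everything up. `add table` is a no-op when the
# table exists, so it is always emitted. The chain and the rule are only
# written when the chain is absent, so an existing chain with its own
# rules is left alone (re-running `add rule` would append a duplicate).
setup_script() {   # $1 = dump
    printf 'add table %s %s\n' "$FAMILY" "$TABLE"
    if ! has_chain "$1" "$FAMILY" "$TABLE" "$CHAIN"; then
        printf 'add chain %s %s %s { type filter hook input priority 0; policy accept; }\n' \
            "$FAMILY" "$TABLE" "$CHAIN"
        printf 'add rule %s %s %s tcp flags != syn counter drop\n' \
            "$FAMILY" "$TABLE" "$CHAIN"
    fi
}

# Dry-run with -c first; `nft -f` then applies the whole script or nothing.
apply() {
    dump=$(nft list ruleset)
    diagnose "$dump" "$FAMILY" "$TABLE" "$CHAIN"
    setup_script "$dump" | nft -c -f - && setup_script "$dump" | nft -f -
}

# Only touch the live firewall when asked (needs root and nf_tables).
if [ "${NFT_APPLY:-0}" = 1 ]; then
    apply
fi
```

Run it as `NFT_APPLY=1 sh fix-filter-input.sh` on the target; without the variable it only defines the functions. Keep the answer's warning in mind before doing that over SSH: `tcp flags != syn` matches every pure ACK segment, so the rule as written drops the packets of your own established session. If you only want to stop new connections that do not begin with SYN, prefix the rule with `ct state new` (my suggestion, not something this page shows).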
3

I was getting Error: Could not process rule: No such file or directory for nftables counter rules on an embedded Linux system built with Yocto.

In my case, the issue was due to kernel configuration. I had to enable the following:

  • CONFIG_NFT_COUNTER=m so that I could create counters.
  • CONFIG_NFT_OBJREF=m so that I could refer to the counters by name in rules.

This mailing list post helped me:

[OpenWrt-Devel] nftables: named counters broken on 18.06.4 — September 2019

Craig McQueen
1

In my case I needed CONFIG_NF_TABLES_INET=y.

https://zigford.org/firewalld-kernel-requirements.html was very helpful.

Alex Henrie
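The last two answers show the same ENOENT coming from a different place: the table and chain exist, but the kernel was built without the expression or family the rule uses. The script below is an added example, not code from either answer. It reads the running kernel's configuration (`/proc/config.gz`, or the distro's copy under `/boot`) and reports the three options named in the answers; `CONFIG_NF_TABLES` is on the list as my addition, since nothing else matters without it. The `KCONFIG_CHECK` guard is also mine.

```shell
#!/bin/sh
# Added example (not from the answers). Reports the nf_tables kernel
# options that the answers above found missing on their systems.
#   CONFIG_NF_TABLES       - nf_tables itself (my addition)
#   CONFIG_NFT_COUNTER     - the "counter" statement
#   CONFIG_NFT_OBJREF      - named counters referenced from rules
#   CONFIG_NF_TABLES_INET  - the inet family

# Kernel config text of the running kernel. Prints nothing if neither
# source is readable, which the check then reports as everything missing.
kconfig_text() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    fi
}

# $1 = config text. Prints one line per option: "y", "m" or "MISSING".
# "# CONFIG_X is not set" lines do not start with CONFIG_, so an option
# that is switched off is reported exactly like one that is absent.
# Exit status is 1 if anything is missing.
check_kconfig() {
    printf '%s\n' "$1" | awk \
        -v want="CONFIG_NF_TABLES CONFIG_NFT_COUNTER CONFIG_NFT_OBJREF CONFIG_NF_TABLES_INET" '
        BEGIN { n = split(want, opts, " ") }
        /^CONFIG_/ {
            eq = index($0, "=")
            val[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            missing = 0
            for (i = 1; i <= n; i++) {
                o = opts[i]
                if (o in val && (val[o] == "y" || val[o] == "m")) {
                    printf "%-24s %s\n", o, val[o]
                } else {
                    printf "%-24s MISSING\n", o
                    missing++
                }
            }
            exit missing ? 1 : 0
        }'
}

# Only read the real kernel config when run on the target.
if [ "${KCONFIG_CHECK:-0}" = 1 ]; then
    check_kconfig "$(kconfig_text)"
fi
```

`KCONFIG_CHECK=1 sh nft-kconfig.sh` prints the table and exits non-zero when something is missing, which is convenient in a Yocto or OpenWrt image test. An option reported as `m` still has to be loadable at the time the rule is added; nf_tables normally requests the module itself, so a `MISSING` line, not an `m`, is what points at the kernel config.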