Nftables – How to Resolve Command Processing Issues


After updating from Stretch to Buster and moving from iptables to nftables, the nft command doesn't process any given command except for list, which doesn't print anything.

The input nft flush ruleset prints:

Error: Could not process rule: Invalid argument
flush ruleset
^^^^^^^^^^^^^^
Error: Could not process rule: Invalid argument
flush ruleset
^^^^^^^^^^^^^^

nft create table inet filter

Error: Could not process rule: Invalid argument
create table inet filter
^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Could not process rule: Invalid argument
create table inet filter
^^^^^^^^^^^^^^^^^^^^^^^^^

Even with the initial config in the Debian package, it prints an error for each line in it.

nft -f /etc/nftables.conf

/etc/nftables.conf :

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
}

/etc/nftables.conf:3:1-14: Error: Could not process rule: Invalid argument
flush ruleset
^^^^^^^^^^^^^^
/etc/nftables.conf:5:1-2: Error: Could not process rule: Invalid argument
table inet filter {
^^
/etc/nftables.conf:6:15-19: Error: Could not process rule: Invalid argument
    chain input {
                 ^^^^^
/etc/nftables.conf:9:15-21: Error: Could not process rule: Invalid argument
    chain forward {
                 ^^^^^^^
/etc/nftables.conf:12:15-20: Error: Could not process rule: Invalid argument
    chain output {
                 ^^^^^^
/etc/nftables.conf:3:1-14: Error: Could not process rule: Invalid argument
flush ruleset
^^^^^^^^^^^^^^
/etc/nftables.conf:5:1-2: Error: Could not process rule: Invalid argument
table inet filter {
^^
/etc/nftables.conf:6:15-19: Error: Could not process rule: Invalid argument
    chain input {
                 ^^^^^
/etc/nftables.conf:9:15-21: Error: Could not process rule: Invalid argument
    chain forward {
                 ^^^^^^^
/etc/nftables.conf:12:15-20: Error: Could not process rule: Invalid argument
    chain output {
                 ^^^^^^

Distro: Debian GNU/Linux 10 (buster)

nft: nftables v0.9.0 (Fearless Fosdick)

Best Answer

Found out the issue was that the nf_tables module wasn't loaded. The problem persisted on the VPS, which was running in OpenVZ, a container-based virtualisation. And since the iptables and nftables modules cannot run simultaneously, the provider would rather not break everyone's systems just to support nftables.
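
A quick way to check for the cause described in the answer, as an added example that is not part of the original post. It assumes nf_tables is built as a loadable module (so it appears in /proc/modules when active) and recognises an OpenVZ guest by /proc/vz existing without /proc/bc; the function names and verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example: find out why every nft command fails with
# "Could not process rule: Invalid argument".

# nf_tables_loaded [MODULES_FILE]
# Succeeds if the nf_tables module itself is listed as loaded.
# The trailing space keeps nf_tables_set and similar names from matching.
nf_tables_loaded() {
    grep -q '^nf_tables ' "${1:-/proc/modules}" 2>/dev/null
}

# in_openvz_container [PROC_DIR]
# Assumption: OpenVZ guests expose PROC_DIR/vz, while PROC_DIR/bc exists
# only on the hardware node (host).
in_openvz_container() {
    vz_proc="${1:-/proc}"
    [ -d "$vz_proc/vz" ] && [ ! -d "$vz_proc/bc" ]
}

# diagnose [PROC_DIR]
# Prints one verdict: ok | container-no-nf_tables | module-not-loaded
diagnose() {
    diag_proc="${1:-/proc}"
    if nf_tables_loaded "$diag_proc/modules"; then
        echo "ok"
    elif in_openvz_container "$diag_proc"; then
        echo "container-no-nf_tables"
    else
        echo "module-not-loaded"
    fi
}

# Explain the verdict for the running system.
case "$(diagnose)" in
    ok)
        echo "nf_tables is loaded; the nft errors have another cause." ;;
    container-no-nf_tables)
        echo "OpenVZ guest without nf_tables: the guest shares the host kernel,"
        echo "so only the provider can load the module on the host." ;;
    module-not-loaded)
        echo "nf_tables is not loaded; as root, try: modprobe nf_tables" ;;
esac
```

Passing a directory to `diagnose` makes it read `modules`, `vz` and `bc` from there instead of /proc, which is useful for checking the logic against a copied or constructed tree.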