^ If that step was missed then nftables.service would *not* start at boot afterwards.
Offline
^ If that step was missed then nftables.service would *not* start at boot afterwards.
OK I thought so, but wasn't 100% sure. Thanks.
Offline
FWIW, the problem with the "flush ruleset" command in the nftables.conf file is fixed in the next release of nftables (v0.6), which is the version packaged with Debian testing/Stretch.
Ben
Offline
Thanks Ben!
I presume you mean version 0.6-2?
https://www.archlinux.org/packages/extr … /nftables/
jessie-backports already has 0.6-1:
https://packages.debian.org/search?keyw … ection=all
Offline
Hmm, no.
In my BL-Debian testing/Stretch box, apt-cache policy reports I have
Installed: nftables 0.6-1
No problem with the flush statement.
On my Debian stable/Jessie box, apt-cache policy reports I have
Installed: 0.5+snapshot20160426-1~bpo8+1
On this one, I had to delete the flush statement from the nftables.conf file.
I haven't tried the Jessie-backports version. The apt-cache policy command says the version of nftables in Jessie-backports is
0.6-1~bpo8+1
if I'm reading it correctly.
So...
Debian Jessie - nftables 0.5+snapshot20160426-1~bpo8+1 - problem exists (my experience)
Debian Jessie-backports - nftables 0.6-1~bpo8+1 - problem exists (per hughparker1's experience)
Debian Stretch - nftables 0.6-1 - problem is fixed (my experience)
Ben
Offline
This page https://bugs.debian.org/cgi-bin/bugrepo … bug=775705 suggests the problem affects kernels prior to release 3.18. It also suggests the problem is too minor to worry about. Well OK, if you put it that way.
Anyway, that's consistent with what I have seen on my two workstations. My Debian Jessie/stable box (flush ruleset fails) has kernel 3.16.0, while my BL-Debian Stretch/testing box (flush ruleset works OK) has 4.5.0. So maybe it's not related to the release of nftables after all. Go figure.
Ben
Offline
This page https://bugs.debian.org/cgi-bin/bugrepo … bug=775705 suggests the problem affects kernels prior to release 3.18
That's it!
I am now in my BL system and look:
empty@TheLab ~ % sudo nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
        iif lo accept
        ct state established,related accept
        icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} accept
        counter packets 3 bytes 380 drop
    }
}
empty@TheLab ~ % sudo nft flush ruleset
empty@TheLab ~ % sudo nft list ruleset
empty@TheLab ~ % uname -a
Linux TheLab 4.5.0-0.bpo.2-amd64 #1 SMP Debian 4.5.4-1~bpo8+1 (2016-05-13) x86_64 GNU/Linux
The system I was testing yesterday used the stock kernel
Thank you very much!
Offline
I'm just wondering: Does this look all right?
nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy accept;
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
Somehow it's different to the result I had before and I'm just not sure why.
Offline
Hey martix
Does this look all right?
No, the package has changed the stock configuration file so there is an extra step required now:
sudo cp /usr/share/doc/nftables/examples/syntax/workstation /etc/nftables.conf
Then restart the .service:
sudo systemctl restart nftables.service
Offline
@HoaS - have you tried ufw? It's excellent, lightweight, painfully simple, and works quite well. I'm happy to write up a quick howto if you think it's beneficial.
In fact, I think I may do it anyway. Starting new thread, huzzah!
Offline
No, the package has changed the stock configuration file so there is an extra step required now
Indeed, thank you, that solved the issue!
It's a bit surprising though if the firewall configuration changes without notice. Probably I missed some release note somewhere. Anyhow it looks now like the output you posted.
Offline
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHH!
Start:
09 Jun 17 @ 16:06:34 ~
$ sudo apt-get install -t jessie-backports nftables linux-image-amd64
[sudo] password for sector11:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
libuuid-perl
Use 'apt-get autoremove' to remove it.
The following extra packages will be installed:
irqbalance libjansson4 libnftnl4 linux-base linux-image-4.9.0-0.bpo.3-amd64
Suggested packages:
linux-doc-4.9 debian-kernel-handbook
The following NEW packages will be installed:
irqbalance libjansson4 libnftnl4 linux-image-4.9.0-0.bpo.3-amd64 linux-image-amd64 nftables
The following packages will be upgraded:
linux-base
1 upgraded, 6 newly installed, 0 to remove and 173 not upgraded.
Need to get 38.8 MB of archives.
After this operation, 192 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ftp.us.debian.org/debian/ jessie/main libjansson4 amd64 2.7-1+deb8u1 [34.1 kB]
Get:2 http://ftp.us.debian.org//debian/ jessie-backports/main libnftnl4 amd64 1.0.7-1~bpo8+1 [65.1 kB]
Get:3 http://ftp.us.debian.org//debian/ jessie-backports/main nftables amd64 0.6-1~bpo8+1 [132 kB]
Get:4 http://ftp.us.debian.org//debian/ jessie-backports/main linux-base all 4.3~bpo8+1 [19.0 kB]
Get:5 http://ftp.us.debian.org//debian/ jessie-backports/main linux-image-4.9.0-0.bpo.3-amd64 amd64 4.9.25-1~bpo8+1 [38.5 MB]
Get:6 http://ftp.us.debian.org//debian/ jessie-backports/main linux-image-amd64 amd64 4.9+80~bpo8+1 [7,108 B]
Get:7 http://ftp.us.debian.org//debian/ jessie-backports/main irqbalance amd64 1.1.0-2~bpo8+1 [35.1 kB]
Fetched 38.8 MB in 32s (1,195 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
Preconfiguring packages ...
Selecting previously unselected package libjansson4:amd64.
(Reading database ... 204022 files and directories currently installed.)
Preparing to unpack .../libjansson4_2.7-1+deb8u1_amd64.deb ...
Unpacking libjansson4:amd64 (2.7-1+deb8u1) ...
Selecting previously unselected package libnftnl4:amd64.
Preparing to unpack .../libnftnl4_1.0.7-1~bpo8+1_amd64.deb ...
Unpacking libnftnl4:amd64 (1.0.7-1~bpo8+1) ...
Selecting previously unselected package nftables.
Preparing to unpack .../nftables_0.6-1~bpo8+1_amd64.deb ...
Unpacking nftables (0.6-1~bpo8+1) ...
Preparing to unpack .../linux-base_4.3~bpo8+1_all.deb ...
Unpacking linux-base (4.3~bpo8+1) over (3.5) ...
Selecting previously unselected package linux-image-4.9.0-0.bpo.3-amd64.
Preparing to unpack .../linux-image-4.9.0-0.bpo.3-amd64_4.9.25-1~bpo8+1_amd64.deb ...
Unpacking linux-image-4.9.0-0.bpo.3-amd64 (4.9.25-1~bpo8+1) ...
Selecting previously unselected package linux-image-amd64.
Preparing to unpack .../linux-image-amd64_4.9+80~bpo8+1_amd64.deb ...
Unpacking linux-image-amd64 (4.9+80~bpo8+1) ...
Selecting previously unselected package irqbalance.
Preparing to unpack .../irqbalance_1.1.0-2~bpo8+1_amd64.deb ...
Unpacking irqbalance (1.1.0-2~bpo8+1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u7) ...
Setting up libjansson4:amd64 (2.7-1+deb8u1) ...
Setting up libnftnl4:amd64 (1.0.7-1~bpo8+1) ...
Setting up nftables (0.6-1~bpo8+1) ...
Setting up linux-base (4.3~bpo8+1) ...
Setting up linux-image-4.9.0-0.bpo.3-amd64 (4.9.25-1~bpo8+1) ...
I: /initrd.img.old is now a symlink to boot/initrd.img-3.16.0-4-amd64
I: /vmlinuz is now a symlink to boot/vmlinuz-4.9.0-0.bpo.3-amd64
I: /initrd.img is now a symlink to boot/initrd.img-4.9.0-0.bpo.3-amd64
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.9.0-0.bpo.3-amd64
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-4.9.0-0.bpo.3-amd64
Found initrd image: /boot/initrd.img-4.9.0-0.bpo.3-amd64
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
Found BunsenLabs GNU/Linux 8.7 (Hydrogen) (8.7) on /dev/sda1
done
Setting up linux-image-amd64 (4.9+80~bpo8+1) ...
Setting up irqbalance (1.1.0-2~bpo8+1) ...
Processing triggers for libc-bin (2.19-18+deb8u9) ...
Processing triggers for systemd (215-17+deb8u7) ...
09 Jun 17 @ 16:08:20 ~
$ sudo cp /usr/share/doc/nftables/examples/syntax/workstation /etc/nftables.conf
09 Jun 17 @ 16:09:07 ~
$ sudo systemctl start nftables
Job for nftables.service failed. See 'systemctl status nftables.service' and 'journalctl -xn' for details.
09 Jun 17 @ 16:09:29 ~
$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; disabled)
Active: failed (Result: exit-code) since Fri 2017-06-09 16:09:29 -03; 36s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 26628 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
Main PID: 26628 (code=exited, status=1/FAILURE)
did:
09 Jun 17 @ 16:11:36 ~
$ apt-cache policy nftables
nftables:
Installed: 0.6-1~bpo8+1
Candidate: 0.6-1~bpo8+1
Version table:
*** 0.6-1~bpo8+1 0
100 http://ftp.us.debian.org//debian/ jessie-backports/main amd64 Packages
100 /var/lib/dpkg/status
did:
09 Jun 17 @ 16:11:38 ~
$ grep -R backports /etc/apt/sources.list{,.d/*}
/etc/apt/sources.list:deb http://ftp.us.debian.org//debian jessie-backports main contrib non-free
/etc/apt/sources.list:# deb http://httpredir.debian.org/debian jessie-backports main contrib non-free
/etc/apt/sources.list.d/bunsen-jessie-backports.list:deb http://pkg.bunsenlabs.org/debian jessie-backports main
then I did:
09 Jun 17 @ 16:11:49 ~
$ sudo journalctl -xn
[sudo] password for sector11:
09 Jun 17 @ 16:16:18 ~
$ systemctl start nftables
Failed to start nftables.service: Access denied
09 Jun 17 @ 16:16:22 ~
$ sudo systemctl start nftables
Job for nftables.service failed. See 'systemctl status nftables.service' and 'journalctl -xn' for details.
09 Jun 17 @ 16:16:30 ~
$ systemctl list-unit-files | grep enabled
cups.path enabled
anacron-resume.service enabled
anacron.service enabled
atd.service enabled
avahi-daemon.service enabled
cron.service enabled
cups.service enabled
dbus-org.freedesktop.Avahi.service enabled
display-manager.service enabled
getty@.service enabled
hwclock-save.service enabled
lightdm.service enabled
lm-sensors.service enabled
pppd-dns.service enabled
rsyslog.service enabled
smartd.service enabled
syslog.service enabled
vnstat.service enabled
avahi-daemon.socket enabled
cups.socket enabled
remote-fs.target enabled
bunsen-pepperflash.timer enabled
09 Jun 17 @ 16:17:24 ~
$ sudo systemctl enable nftables.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nftables.service to /lib/systemd/system/nftables.service.
09 Jun 17 @ 16:18:10 ~
$ sudo nft list ruleset
09 Jun 17 @ 16:19:03 ~
$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled)
Active: failed (Result: exit-code) since Fri 2017-06-09 16:16:30 -03; 3min 1s ago
Docs: man:nft(8)
http://wiki.nftables.org
Main PID: 27416 (code=exited, status=1/FAILURE)
09 Jun 17 @ 16:19:31 ~
$
And I think (danger: thinking) it might be an ip6 thing.
09 Jun 17 @ 16:26:09 ~
$ cat /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0;
        # accept any localhost traffic
        iif lo accept
        # accept traffic originated from us
        ct state established,related accept
        # activate the following line to accept common local services
        #tcp dport { 22, 80, 443 } ct state new accept
        # accept neighbour discovery otherwise IPv6 connectivity breaks.
        ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
        # count and drop any other traffic
        counter drop
    }
}
09 Jun 17 @ 16:30:03 ~
$
S11 doesn't have ip6 - nor a router. Now what?
HELP!
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
What do these say:
sudo systemctl start nftables
sudo journalctl -u nftables
Last edited by Head_on_a_Stick (2017-06-09 19:51:34)
Offline
What do these say:
sudo systemctl start nftables
sudo journalctl -u nftables
sudo systemctl start nftables
09 Jun 17 @ 16:56:10 ~
$ sudo systemctl start nftables
[sudo] password for sector11:
Job for nftables.service failed. See 'systemctl status nftables.service' and 'journalctl -xn' for details.
See 'systemctl status nftables.service' and 'journalctl -xn' below.
sudo journalctl -u nftables
-- Logs begin at Fri 2017-06-09 09:01:26 -03, end at Fri 2017-06-09 16:56:28 -03. --
Jun 09 16:09:28 bunsen systemd[1]: Starting nftables...
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen nft[26628]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:09:29 bunsen nft[26628]: flush ruleset
Jun 09 16:09:29 bunsen nft[26628]: ^^^^^^^^^^^^^^
Jun 09 16:09:29 bunsen systemd[1]: nftables.service: main process exited, code=exited, status=1/FAILURE
Jun 09 16:09:29 bunsen systemd[1]: Failed to start nftables.
Jun 09 16:09:29 bunsen systemd[1]: Unit nftables.service entered failed state.
Jun 09 16:16:30 bunsen systemd[1]: Starting nftables...
Jun 09 16:16:30 bunsen nft[27416]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:16:30 bunsen nft[27416]: flush ruleset
Jun 09 16:16:30 bunsen nft[27416]: ^^^^^^^^^^^^^^
Jun 09 16:16:30 bunsen systemd[1]: nftables.service: main process exited, code=exited, status=1/FAILURE
Jun 09 16:16:30 bunsen systemd[1]: Failed to start nftables.
Jun 09 16:16:30 bunsen systemd[1]: Unit nftables.service entered failed state.
Jun 09 16:25:59 bunsen systemd[1]: Starting nftables...
Jun 09 16:25:59 bunsen nft[29649]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:25:59 bunsen nft[29649]: flush ruleset
Jun 09 16:25:59 bunsen nft[29649]: ^^^^^^^^^^^^^^
Jun 09 16:25:59 bunsen systemd[1]: nftables.service: main process exited, code=exited, status=1/FAILURE
Jun 09 16:25:59 bunsen systemd[1]: Failed to start nftables.
Jun 09 16:25:59 bunsen systemd[1]: Unit nftables.service entered failed state.
Jun 09 16:56:17 bunsen systemd[1]: Starting nftables...
Jun 09 16:56:17 bunsen nft[3054]: /etc/nftables.conf:3:1-14: Error: Could not process rule: Address family not supported by protocol
Jun 09 16:56:17 bunsen nft[3054]: flush ruleset
Jun 09 16:56:17 bunsen nft[3054]: ^^^^^^^^^^^^^^
Jun 09 16:56:17 bunsen systemd[1]: nftables.service: main process exited, code=exited, status=1/FAILURE
Jun 09 16:56:17 bunsen systemd[1]: Failed to start nftables.
Jun 09 16:56:17 bunsen systemd[1]: Unit nftables.service entered failed state.
systemctl status nftables.service
09 Jun 17 @ 16:57:34 ~
$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled)
Active: failed (Result: exit-code) since Fri 2017-06-09 16:56:17 -03; 2min 17s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 3054 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=1/FAILURE)
Main PID: 3054 (code=exited, status=1/FAILURE)
09 Jun 17 @ 16:58:34 ~
$
sudo journalctl -xn
-- Logs begin at Fri 2017-06-09 09:01:26 -03, end at Fri 2017-06-09 16:59:22 -03. --
Jun 09 16:56:17 bunsen nft[3054]: ^^^^^^^^^^^^^^
Jun 09 16:56:17 bunsen systemd[1]: nftables.service: main process exited, code=exited, status=1/FAILURE
Jun 09 16:56:17 bunsen systemd[1]: Failed to start nftables.
-- Subject: Unit nftables.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit nftables.service has failed.
--
-- The result is failed.
Jun 09 16:56:17 bunsen systemd[1]: Unit nftables.service entered failed state.
Jun 09 16:56:17 bunsen sudo[3046]: pam_unix(sudo:session): session closed for user root
Jun 09 16:56:28 bunsen sudo[3072]: sector11 : TTY=pts/0 ; PWD=/home/sector11 ; USER=root ; COMMAND=/bin/journalctl -u nftables
Jun 09 16:56:28 bunsen sudo[3072]: pam_unix(sudo:session): session opened for user root by sector11(uid=0)
Jun 09 16:57:34 bunsen sudo[3072]: pam_unix(sudo:session): session closed for user root
Jun 09 16:59:22 bunsen sudo[3432]: sector11 : TTY=pts/0 ; PWD=/home/sector11 ; USER=root ; COMMAND=/bin/journalctl -xn
Jun 09 16:59:22 bunsen sudo[3432]: pam_unix(sudo:session): session opened for user root by sector11(uid=0)
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
Try commenting out this line from /etc/nftables.conf:
# flush ruleset
Sorry but I'm in OpenBSD atm so I can't test directly.
Offline
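As an added example (not code from the thread, from Debian or from the nftables project), the kernel rule from the bug report Ben linked and Head_on_a_Stick's workaround, put into a POSIX sh script: it checks whether a uname -r release is at least 3.18 and, if not, comments out the top-level "flush ruleset" line so nft -f does not die on "Address family not supported by protocol" and nftables.service can start at boot. The function names and the sample config are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the thread or the nftables project.
# Observation from the thread: "flush ruleset" fails with "Address family not
# supported by protocol" on kernels older than 3.18 (Debian bug #775705), so a
# config that starts with it makes nftables.service fail. The functions below
# check the kernel release and comment the line out when needed, which is the
# workaround Head_on_a_Stick gave. Function names and the sample config are
# constructed for this example.

# Return 0 when a `uname -r` style release ($1) is 3.18 or newer.
kernel_supports_flush_ruleset() {
    major=$(printf '%s\n' "$1" | cut -d. -f1)
    # Second dotted field with any suffix such as "-rc1" or "-4-amd64" removed.
    minor=$(printf '%s\n' "$1" | cut -d. -f2 | sed 's/[^0-9].*//')
    [ "${major:-0}" -gt 3 ] || { [ "${major:-0}" -eq 3 ] && [ "${minor:-0}" -ge 18 ]; }
}

# Print nftables config $1 to stdout; if kernel release $2 cannot process
# "flush ruleset", only that top-level statement is commented out.
adapt_nftables_conf() {
    if kernel_supports_flush_ruleset "$2"; then
        cat "$1"
    else
        sed 's/^[[:space:]]*flush ruleset[[:space:]]*$/# flush ruleset/' "$1"
    fi
}

# Write a constructed config (same shape as the Debian "workstation" example
# quoted in the thread) to path $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0;
        iif lo accept
        ct state established,related accept
        ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
        counter drop
    }
}
EOF
}

# Demo on the running kernel: show which form of the config it would load.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
if kernel_supports_flush_ruleset "$(uname -r)"; then
    echo "kernel $(uname -r): flush ruleset is supported, config unchanged"
else
    echo "kernel $(uname -r): commenting out flush ruleset"
fi
adapt_nftables_conf "$demo_conf" "$(uname -r)"
rm -f "$demo_conf"
```

Run it with the release strings from the thread (3.16.0-4-amd64 and 4.9.0-0.bpo.3-amd64) to see the two outcomes; on a box where the Jessie kernel is still installed, the script is also a way to check before rebooting into it.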
ifconfig tells me ip6 so that's cleared up.
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
Try commenting out this line from /etc/nftables.conf:
# flush ruleset
Sorry but I'm in OpenBSD atm so I can't test directly.
Done ... where do I start now?
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
OK, that worked ....
09 Jun 17 @ 17:14:23 ~
$ sudo systemctl start nftables
[sudo] password for sector11:
09 Jun 17 @ 17:14:30 ~
$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled)
Active: active (exited) since Fri 2017-06-09 17:11:42 -03; 3min 3s ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 6030 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Main PID: 6030 (code=exited, status=0/SUCCESS)
09 Jun 17 @ 17:14:46 ~
$ sudo systemctl enable nftables
09 Jun 17 @ 17:15:46 ~
$ systemctl list-unit-files | grep enabled
cups.path enabled
anacron-resume.service enabled
anacron.service enabled
atd.service enabled
avahi-daemon.service enabled
cron.service enabled
cups.service enabled
dbus-org.freedesktop.Avahi.service enabled
display-manager.service enabled
getty@.service enabled
hwclock-save.service enabled
lightdm.service enabled
lm-sensors.service enabled
nftables.service enabled
pppd-dns.service enabled
rsyslog.service enabled
smartd.service enabled
syslog.service enabled
vnstat.service enabled
avahi-daemon.socket enabled
cups.socket enabled
remote-fs.target enabled
bunsen-pepperflash.timer enabled
09 Jun 17 @ 17:16:17 ~
$
Thank you!
====================
EDIT: According to the "email" I got, I beat you to it; see, I have "A Round Tuit".
Last edited by Sector11 (2017-06-09 20:29:56)
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
So now for the first time in Linuxlandia I have a firewall?
Well, I played with one back in Ubuntu days 2007/8 but never got it to work so gave up.
Wouldn't it be a good idea to have this as a default setting?
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
So now for the first time in Linuxlandia I have a firewall?
Looks like it, yes.
Wouldn't it be a good idea to have this as a default setting?
Perhaps for Helium/stretch (nftables is only in jessie-backports), but as I said most users do not require a firewall and we usually adopt the upstream default.
Offline