Hi everyone,
Request for your kind help related to nft commands not working.
I always get below error for nft commands when i run.
Error: Could not process rule: Operation not supported
Debian - 10.
root@localhost:~# uname -a
Linux localhost 4.19.81-OpenNetworkLinux-thanos #1 SMP Tue Apr 28 08:24:05 UTC 2020 x86_64 GNU/Linux
Checked nft dependensies:
root@localhost:~# sudo dpkg-query -l | grep nft
ii libnftables0:amd64 0.9.0-2 amd64 Netfilter nftables high level userspace API library
ii libnftnl11:amd64 1.1.2-2 amd64 Netfilter nftables userspace API library
ii nftables 0.9.0-2 amd64 Program to control packet filtering rules by Netfilter project
ii libmnl0:amd64 1.0.4-2 amd64 minimalistic Netlink communication library
1) root@localhost:~# nft --debug all flush ruleset
2) root@localhost:~# nft --debug all add table ip filter
Below is the debug output for the above add command
"
Entering state 0
Reducing stack by rule 1 (line 747):
$$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --accepting rule at line 275 ("add")
Next token is token "add" (: )
Shifting token "add" (: )
Entering state 19
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 245 ("table")
Next token is token "table" (: )
Shifting token "table" (: )
Entering state 10
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 388 ("ip")
Next token is token "ip" (: )
Shifting token "ip" (: )
Entering state 35
Reducing stack by rule 246 (line 1845):
$1 = token "ip" (: )
$$ = nterm family_spec_explicit (: )
Stack now 0 1 19 10
Entering state 47
Reducing stack by rule 245 (line 1842):
$1 = nterm family_spec_explicit (: )
$$ = nterm family_spec (: )
Reducing stack by rule 245 (line 1842):
$1 = nterm family_spec_explicit (: )
$$ = nterm family_spec (: )
Stack now 0 1 19 10
Entering state 46
Reading a token: --accepting rule at line 631 (" ")
--accepting rule at line 602 ("filter")
Next token is token "string" (: )
Shifting token "string" (: )
Entering state 53
Reducing stack by rule 239 (line 1818):
$1 = token "string" (: )
$$ = nterm identifier (: )
Stack now 0 1 19 10 46
Entering state 250
Reducing stack by rule 252 (line 1853):
$1 = nterm family_spec (: )
$2 = nterm identifier (: )
$$ = nterm table_spec (: )
Stack now 0 1 19 10
Entering state 57
Reading a token: --accepting rule at line 611 ("
")
Next token is token "newline" (: )
Reducing stack by rule 31 (line 874):
$1 = token "table" (: )
$2 = nterm table_spec (: )
$$ = nterm add_cmd (: )
Stack now 0 1 19
Entering state 66
Reducing stack by rule 17 (line 858):
$1 = token "add" (: )
$2 = nterm add_cmd (: )
$$ = nterm base_cmd (: )
Stack now 0 1
Entering state 44
Next token is token "newline" (: )
Shifting token "newline" (: )
Entering state 4
Reducing stack by rule 3 (line 766):
$1 = token "newline" (: )
$$ = nterm stmt_separator (: )
Stack now 0 1 44
Entering state 249
Reducing stack by rule 14 (line 824):
$1 = nterm base_cmd (: )
$2 = nterm stmt_separator (: )
$$ = nterm line (: )
Stack now 0 1
Entering state 43
Reducing stack by rule 2 (line 748):
$1 = nterm input (: )
$2 = nterm line (: )
Evaluate add
add table ip filter
^^^^^^^^^^^^^^^^^^^^
$$ = nterm input (: )
Stack now 0
Entering state 1
Reading a token: --(end of buffer or a NUL)
--EOF (start condition 0)
Now at end of input.
Shifting token "end of file" (: )
Entering state 2
Stack now 0 1 2
Cleanup: popping token "end of file" (: )
Cleanup: popping nterm input (: )
---------------- ------------------
| 0000000020 | | message length |
| 00016 | R--- | | type | flags |
| 0000000000 | | sequence number|
| 0000000000 | | port ID |
---------------- ------------------
| 00 00 0a 00 | | extra header |"
.....
Error: Could not process rule: Operation not supported
flush ruleset
^^^^^^^^^^^^^^
Appreciate your help.
Thanks all,
Santosh
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)