beta-tester
Posts: 1236
Joined: Fri Jan 04, 2013 1:57 pm
Location: de_DE

Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 6:24 am

hello,
i just flashed the official "2019-06-20-raspbian-buster-lite.zip" to my SD card and plugged it to my RPi Zero.
i know Debian Buster is using by default nftables instead of iptables.
while installing and configuring things (dnsmasq, samba, lighttpd, wireguard) i realized,
that on my Raspbial Buster Lite image only iptables is installed and active.
there is no nftables installed, because i get this:

Code: Select all

:~ $ sudo nft --help
sudo: nft: command not found

Code: Select all

:~ $ sudo dpkg -l | grep -E 'nftables|iptables'
ii  iptables                       1.8.2-4                     armhf        administration tools for packet filtering and NAT
ii  libnftnl11:armhf               1.1.2-2                     armhf        Netfilter nftables userspace API library

Code: Select all

:~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
i didn't tried the other versions of Raspbian Buster (full and the normal one),
but this comment let me think that on Raspbian Buster nftables is installed and active by defalt...
Is been iptables substituted by nftables in Rasbpian Buster?

so is it a mistake, that on the light version is no nftables installed?
can i install nftables simply via sudo apt install nftables, and everything is good now - iptables is deactivated and nftables is active from now on...
or are there more things to do?
{ I only give negative feedback }
RPi Model B (rev1, 256MB) & B (rev2, 512MB) & B+, RPi2B, RPi3B, RPi3B+, RPiZeroW, ...

fruitoftheloom
Posts: 20487
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 6:48 am

beta-tester wrote:
Thu Jul 11, 2019 6:24 am
hello,
i just flashed the official "2019-06-20-raspbian-buster-lite.zip" to my SD card and plugged it to my RPi Zero.
i know Debian Buster is using by default nftables instead of iptables.
while installing and configuring things (dnsmasq, samba, lighttpd, wireguard) i realized,
that on my Raspbial Buster Lite image only iptables is installed and active.
there is no nftables installed, because i get this:

Code: Select all

:~ $ sudo nft --help
sudo: nft: command not found

Code: Select all

:~ $ sudo dpkg -l | grep -E 'nftables|iptables'
ii  iptables                       1.8.2-4                     armhf        administration tools for packet filtering and NAT
ii  libnftnl11:armhf               1.1.2-2                     armhf        Netfilter nftables userspace API library

Code: Select all

:~ $ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
i didn't tried the other versions of Raspbian Buster (full and the normal one),
but this comment let me think that on Raspbian Buster nftables is installed and active by defalt...
Is been iptables substituted by nftables in Rasbpian Buster?

so is it a mistake, that on the light version is no nftables installed?
can i install nftables simply via sudo apt install nftables, and everything is good now - iptables is deactivated and nftables is active from now on...
or are there more things to do?

Already an open recent discussion here:

https://www.raspberrypi.org/forums/view ... 9&t=244256
Retired disgracefully.....

beta-tester
Posts: 1236
Joined: Fri Jan 04, 2013 1:57 pm
Location: de_DE

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 7:09 am

fruitoftheloom wrote:
Thu Jul 11, 2019 6:48 am
beta-tester wrote:
Thu Jul 11, 2019 6:24 am
i didn't tried the other versions of Raspbian Buster (full and the normal one),
but this comment let me think that on Raspbian Buster nftables is installed and active by defalt...
Is been iptables substituted by nftables in Rasbpian Buster?

so is it a mistake, that on the light version is no nftables installed?
can i install nftables simply via sudo apt install nftables, and everything is good now - iptables is deactivated and nftables is active from now on...
or are there more things to do?
Already an open recent discussion here:
https://www.raspberrypi.org/forums/view ... 9&t=244256
that's what i told, that there is a comment...

but it does not explain, how i can get nft commands working, because nftables (at least the nft command) is not (fully) installed on my Raspbian Buster Lite image.

it looks like it is only an issue of Raspbian Buster Lite. the normal Raspbian Buster seems to have the nft command (nftables package) installed.

can i install nftables packet by hand by simply using sudo apt install nftables and everything is working as it should?
or are there more things to do?
{ I only give negative feedback }
RPi Model B (rev1, 256MB) & B (rev2, 512MB) & B+, RPi2B, RPi3B, RPi3B+, RPiZeroW, ...

User avatar
RaTTuS
Posts: 10415
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 7:37 am

sudo apt install nftables
worked for me on lite , not that I've used it but it installs
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

beta-tester
Posts: 1236
Joined: Fri Jan 04, 2013 1:57 pm
Location: de_DE

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 10:32 am

RaTTuS wrote:
Thu Jul 11, 2019 7:37 am
sudo apt install nftables
worked for me on lite , not that I've used it but it installs
thank you...

i installed it but i am still not sure if this was enough,
because i still get the old output from sudo iptables -L,
while in other comments it is reported that it is giving iptables: Operation not supported on other Raspbian Buster installations.
how can i disable the old iptables behavior so that my Raspbian Buster Lite is 100% in line with the nftables configuration as of Raspbian Buster Full or its normal version?
{ I only give negative feedback }
RPi Model B (rev1, 256MB) & B (rev2, 512MB) & B+, RPi2B, RPi3B, RPi3B+, RPiZeroW, ...

User avatar
RaTTuS
Posts: 10415
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 10:37 am

sudo apt remove iptables
?
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

beta-tester
Posts: 1236
Joined: Fri Jan 04, 2013 1:57 pm
Location: de_DE

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 11:00 am

:shock: :oops: :mrgreen:
yes... and no...
yes, i can remove it... stupid me...

no, then i don't get the same behavior of the Raspbian Buster Full...
because on Raspbian Buster Full it is reported to get:

Code: Select all

:~ $ sudo iptables -L
iptables: Operation not supported
but i now get on Raspbian Buster Lite + nftables installed - iptables removed:

Code: Select all

:~ $ sudo iptables -L
iptables: command not found
so, where is the difference in configuration?

is there a creation/configuration script available, to see, how the official Raspbian Buster Full and how Raspbian Buster Lite were configured?
{ I only give negative feedback }
RPi Model B (rev1, 256MB) & B (rev2, 512MB) & B+, RPi2B, RPi3B, RPi3B+, RPiZeroW, ...

User avatar
RaTTuS
Posts: 10415
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Raspbian Buster Lite has iptables but not nftables

Thu Jul 11, 2019 11:05 am

I have to say "No Idea"
and wait for someone with more knowledge
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

Return to “Raspbian”