Having moved a DT PC to Debian 11 and liked the results, I decided to swap a laptop over to Debian 12
it went like this;-
Using a debian-12.5.0-amd64-netinst.iso where the SHA512 and signature verified o.k & Good using
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
Selected Xfce and cleared the Gnome selection.
Install proceeded with ethernet connected and finished o.k.
Next step was disconnect ethernet, reboot and enable firewall, my first job always.
Previously I had used ufw on some Linux installs, however pre install reading produced;-
“nftables is the default and recommended firewalling framework in Debian” and a forum
viewtopic.php?t=143876 which covered loading a set of workstation nft rules for a basic firewall.
Should be easy, I thought, thanks to all the Debian documentation. However, checked synaptic and found that iptables was not installed but nftables was and proceeded thus;-

Code:
# cp /usr/share/doc/nftables/examples/workstation.nft /etc/nftables.conf
# nano /etc/nftables.conf

nano checked that copy o.k
enable & start nftables

Code:
# systemctl enable nftables
Created symlink /etc/systemd/system/sysinit.target.wants/nftables.service → /lib/systemd/system/nftables.service.
# systemctl start nftables

Code:
# nft list ruleset
bash: nft: command not found
#

restart same result.
what, no nft cmd?? Cannot tell if FW working must assume not.

Code:
:/# cat /etc/debian_version
12.5

Ran Xfce live which produced the following for the above input steps

Code:
user@debian:~$ sudo nft list ruleset
table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		iif "lo" accept
		ct state established,related accept
		icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, 148, 149 } accept
		ip6 saddr fe80::/10 icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, mld2-listener-report, 151, 152, 153 } accept
		counter packets 0 bytes 0 drop
	}
}
user@debian:~$

for the same input steps nft list works.
Assuming that the nft firewall is working, do the above rules cover ethernet & wifi?
So I think I need some help
Statistics: Posted by Theuthr — 2024-05-31 23:35 — Replies 1 — Views 28
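
Added example, not part of the original post: a shell check for the question of whether the listed rules cover both Ethernet and Wi-Fi. An nftables rule with no `iif`/`iifname` match applies to traffic arriving on every interface, so the script reports the interface scope of each rule in the listing; the function names are invented for this example and the sample input is the ruleset quoted in the post.

```shell
#!/bin/sh
# Sample input: the ruleset listing quoted in the post above.
sample_ruleset() {
cat <<'EOF'
table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		iif "lo" accept
		ct state established,related accept
		icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, 148, 149 } accept
		ip6 saddr fe80::/10 icmpv6 type { mld-listener-query, mld-listener-report, mld-listener-done, mld2-listener-report, 151, 152, 153 } accept
		counter packets 0 bytes 0 drop
	}
}
EOF
}

# Print one line per rule as "<scope><TAB><rule>": scope is the interface named
# by an iif/iifname match, or "any" when the rule is not tied to an interface.
rule_scope() {
	awk '
	/^[ \t]*chain[ \t]/ { in_chain = 1; next }
	/^[ \t]*}/          { in_chain = 0; next }
	!in_chain || /^[ \t]*type .* hook / || /^[ \t]*$/ { next }
	{
		scope = "any"
		for (i = 1; i < NF; i++)
			if ($i == "iif" || $i == "iifname") { scope = $(i + 1); gsub(/"/, "", scope) }
		sub(/^[ \t]+/, "")
		printf "%s\t%s\n", scope, $0
	}'
}

# Succeeds when the last rule read is a drop with no interface match, meaning
# unmatched inbound traffic is dropped on Ethernet and Wi-Fi alike.
drops_on_every_interface() {
	rule_scope | awk -F '\t' '{ s = $1; r = $2 } END { exit !(s == "any" && r ~ /(^| )drop$/) }'
}

sample_ruleset | rule_scope
sample_ruleset | drops_on_every_interface && echo "final drop applies to every interface"
```

On an installed system the same functions can read the live rules with `nft list ruleset | rule_scope`, run as root.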