I read somewhere that this is now fully supported by the >= 3.13 kernel. Maybe it becomes interesting as LFS now has 3.13 too.

Another nftables-howto:

Owner: changed from blfs-book@… to bdubbs@…
This package requires libmnl-1.0.3.tar.bz2 and libnftnl-1.0.0. Both of those build and install as simple CMMI. I built nftables-0.100 also as a CMMI, but executing a simple 'nft --help' gives a segfault. My current kernel is 3.11.4, but that shouldn't create a segfault for help.

I did try to pass ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes to configure, but that didn't help.

Using strace, I get:

socket(PF_NETLINK, SOCK_RAW, 12)        = -1 EPROTONOSUPPORT (Protocol not supported)
write(2, "Memory allocation failure\n", 26Memory allocation failure
) = 26
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
+++ killed by SIGSEGV +++
Segmentation fault

Searching the source, it looks like I'll need to boot to the 3.13 kernel to test this out. I may not get to that for a few days.

Another issue: make wants to create a pdf for documentation and the build procedure errors out. I can disable it with a sed, but that will also take some time to figure out.

I will build a 3.13.1 kernel tomorrow and will try.

I see you have just built the 3.13.1 kernel, so, I will do it perhaps later than tomorrow.

Rebooted to 3.13.1 and at least ./nft --help worked. I wasn't sure what kernel options to use so I created most as modules. The only one loaded right now is nfnetlink. To use this package properly, I think we need a whole new section on fire-walling with nft. I don't know whether this will make it into 7.5 or not.
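The strace above shows what nft actually needs from the kernel: socket(PF_NETLINK, SOCK_RAW, 12) is a netlink socket of family NETLINK_NETFILTER (protocol 12), and on a kernel without nfnetlink support that call fails with EPROTONOSUPPORT, after which nft 0.100 printed "Memory allocation failure" and crashed. Below is an added preflight probe (not from the ticket, BLFS or the nftables project) that makes the same socket call, classifies the errno properly, and reports whether the nfnetlink and nf_tables modules are loaded per /proc/modules. The enum and function names are my own; the protocol number 12 is taken from the strace.

```c
/* nfnl_probe.c: check whether this kernel exposes the netlink interface
 * that nft needs, and report the reason cleanly instead of crashing.
 * Added example; names below are not from nftables or BLFS. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Protocol 12 is NETLINK_NETFILTER, the value seen in the strace output.
 * Defined here so the file builds without linux/netlink.h. */
#ifndef NETLINK_NETFILTER
#define NETLINK_NETFILTER 12
#endif

enum nfnl_probe { NFNL_OK, NFNL_UNSUPPORTED, NFNL_DENIED, NFNL_OTHER };

/* Map the errno from socket() to a result. Kept separate from the socket
 * call so the mapping can be exercised without a kernel in the loop. */
enum nfnl_probe nfnl_classify(int err)
{
    switch (err) {
    case 0:               return NFNL_OK;
    case EPROTONOSUPPORT: /* kernel has no nfnetlink (not built, or module absent) */
    case EAFNOSUPPORT:    /* no netlink address family at all (non-Linux or odd kernel) */
        return NFNL_UNSUPPORTED;
    case EPERM:
    case EACCES:          /* blocked by capabilities, seccomp or an LSM */
        return NFNL_DENIED;
    default:
        return NFNL_OTHER;
    }
}

const char *nfnl_describe(enum nfnl_probe r)
{
    switch (r) {
    case NFNL_OK:          return "nfnetlink socket available";
    case NFNL_UNSUPPORTED: return "kernel lacks NETLINK_NETFILTER support";
    case NFNL_DENIED:      return "netlink socket denied by policy";
    default:               return "unexpected socket() failure";
    }
}

/* Try the exact socket nft opens; close it at once on success.
 * saved_errno (optional) receives the raw errno for logging. */
enum nfnl_probe nfnl_probe_kernel(int *saved_errno)
{
#ifdef AF_NETLINK
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER);
    if (fd < 0) {
        int err = errno;
        if (saved_errno) *saved_errno = err;
        return nfnl_classify(err);
    }
    close(fd);
    if (saved_errno) *saved_errno = 0;
    return NFNL_OK;
#else
    if (saved_errno) *saved_errno = EAFNOSUPPORT;
    return NFNL_UNSUPPORTED;
#endif
}

/* Scan /proc/modules for an exact module name (first field of each line).
 * Returns 0 when the file is unreadable, so a non-Linux host reads as
 * "not loaded" rather than failing. */
int module_loaded(const char *name)
{
    FILE *f = fopen("/proc/modules", "r");
    char line[512];
    int found = 0;
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        size_t n = strcspn(line, " \t\n");
        if (n == strlen(name) && strncmp(line, name, n) == 0) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    int err = 0;
    enum nfnl_probe r = nfnl_probe_kernel(&err);
    printf("probe: %s (errno %d: %s)\n", nfnl_describe(r), err, strerror(err));
    /* Opening the socket may autoload nfnetlink if it was built as a module,
     * so check /proc/modules after the probe, not before. */
    printf("nfnetlink module loaded: %s\n", module_loaded("nfnetlink") ? "yes" : "no");
    printf("nf_tables module loaded: %s\n", module_loaded("nf_tables") ? "yes" : "no");
    return r == NFNL_OK ? 0 : 1;
}
```

Run it on the 3.11.4 kernel from the report and it exits non-zero with "kernel lacks NETLINK_NETFILTER support"; on a 3.13 kernel with nfnetlink present it exits zero. The same classification is what nft itself should do before touching memory it never allocated.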

comment:7 by Fernando de Oliveira, 7 years ago


Below, a link that you probably already know. May be useful to anybody arriving here and trying to understand this and, perhaps, wishing to discuss in dev.

Milestone: current → 7.6

Milestone: 7.6 → future
Owner: changed from bdubbs@… to blfs-book@…
Status: assigned → new

Moving to future. The package is still beta at best. There is no documentation other than an xml file that was committed in 2009 (and written something before that -- apparently 2008). Generating the man page via the Makefile requires additional tools not in BLFS.

The man page can be generated with some FIXME entries with: xsltproc -nonet nftables.xml

The contents of the man page are wrong. The program is referred to as nftables when in fact it is nft. I don't know about the accuracy of the rest after 6 years of development.

Let's let this package mature a bit.

Priority: normal → low

Summary: New package: nftables-0.100 → Add nftables-0.100

Description: modified (diff)
Severity: normal → minor
Summary: Add nftables-0.100 → Add nftables-0.6

Changed to nftables 0.6. Should this be put on hold?

I'm not sure putting it on hold would be the best idea. The "hold" milestone is basically packages that we are waiting for / waiting to update (as far as I understand it). The future milestone consists of tasks that we might do in the future, but are very low priority.

comment:14 by Samuel, 5 years ago

Ok. I'll just leave it. I didn't really know what the hold milestone was for, so I was just putting the question out there.

Milestone: future → x-future

Milestone renamed

Description: modified (diff)
Summary: Add nftables-0.6 → Add nftables-0.8

Owner: changed from blfs-book@… to bdubbs@…

Owner: changed from bdubbs@… to blfs-book

comment:19 by DJ Lucas, 3 years ago


./configure --prefix=/usr &&
make &&
make install &&
mv -v /usr/lib/* /lib &&
ln -sfv ../../lib/$(readlink /usr/lib/ /usr/lib/


./configure --prefix=/usr &&
make &&
make install &&
mv -v /usr/lib/* /lib &&
ln -sfv ../../lib/$(readlink /usr/lib/ /usr/lib/


Optional deps:


iptables/--with-xtables (reciprocal)


./configure --prefix=/usr --sbindir=/sbin --sysconfdir=/etc --disable-man-doc &&
make &&
make install &&
mv -v /usr/lib/* /lib &&
ln -sfv ../../lib/$(readlink /usr/lib/ /usr/lib/
Milestone: x-future → 9.1
Owner: changed from blfs-book to DJ Lucas
Priority: low → normal
Status: new → assigned

This is now required for firewalld on systemd.

Summary: Add nftables-0.8 → Add nftables-0.9.2

Resolution: fixed
Status: assigned → closed

Fixed in r22301.

Hi DJ, do I need to add a unit for nftables to the units tarball?

