Tunnelsats / tunnelsats

Tunnel⚡Sats: Pre-configured VPN for Lightning Nodes
https://tunnelsats.github.io/tunnelsats/
MIT License

set component requires nftables v0.9.7 and kernel 5.10 #22

Closed blckbx closed 2 years ago

blckbx commented 2 years ago

https://wiki.nftables.org/wiki-nftables/index.php/Sets:

Set names must be 16 characters or less. The optional set comment attribute requires at least nftables 0.9.7 and kernel 5.10.

Currently we don't comply with this rule and may therefore experience issues on older (Debian 10) setups using nftables 0.9.6 and older.

blckbx commented 2 years ago

Even with shorter set component names (< 16 chars), nftables throws the same error:

-- A start job for unit nftables.service has begun execution.
--
-- The job identifier is 41278.
Sep 06 14:49:21 umbrel nft[17224]: /etc/nftables.conf:3:7-10: Error: Could not process rule: Operation not supported
Sep 06 14:49:21 umbrel nft[17224]:   set ksts {
Sep 06 14:49:21 umbrel nft[17224]:       ^^^^
Sep 06 14:49:21 umbrel nft[17224]: /etc/nftables.conf:3:7-10: Error: Could not process rule: No such file or directory
Sep 06 14:49:21 umbrel nft[17224]:   set ksts {
Sep 06 14:49:21 umbrel nft[17224]:       ^^^^
Sep 06 14:49:21 umbrel systemd[1]: nftables.service: Main process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit nftables.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Sep 06 14:49:21 umbrel sudo[15540]: pam_unix(sudo:session): session closed for user root
Sep 06 14:49:22 umbrel nft[17224]: /etc/nftables.conf:10:5-72: Error: Could not process rule: No such file or directory
Sep 06 14:49:22 umbrel nft[17224]:     oifname eth0 ip daddr != 192.168.2.0/24 ip saddr @ksts counter  drop
Sep 06 14:49:22 umbrel nft[17224]:     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 06 14:49:22 umbrel nft[17224]: /etc/nftables.conf:15:5-69: Error: Could not process rule: No such file or directory
Sep 06 14:49:22 umbrel nft[17224]:     iifname tunnelsatsv2  ct state established,related counter accept
Sep 06 14:49:22 umbrel nft[17224]:     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Sep 06 14:49:21 umbrel systemd[1]: nftables.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit nftables.service has entered the 'failed' state with result 'exit-code'.
Sep 06 14:49:21 umbrel systemd[1]: Failed to start nftables.
-- Subject: A start job for unit nftables.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit nftables.service has finished with a failure.
--
-- The job identifier is 41278 and the job result is failed.

system stats:

blckbx commented 2 years ago

Related #21

ziggie1984 commented 2 years ago

Sets even work with nftables v0.9.6 (Capital Idea #2) + kernel Linux 5.10.103-v8+ aarch64
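A preflight check for the two constraints quoted from the nftables wiki in this thread (set names of 16 characters or less; the set `comment` attribute needing nftables 0.9.7 and kernel 5.10), written here as an added example that is not part of the thread or of the Tunnelsats scripts. The function names, the finding labels, the sample ruleset and the long set name `killswitch_tunnelsats` are assumptions made for illustration; only `ksts` and the version strings come from the page.

```shell
# ver_ge A B: succeed when dotted version A >= B (numeric prefix of each field).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= (na > nb ? na : nb); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}
# check_sets CONF NFT_VERSION KERNEL_RELEASE: print one finding per line.
# CONF may be "-" for stdin. Assumes "set NAME {" is written on one line.
check_sets() {
    comment_ok=0
    if ver_ge "$2" 0.9.7 && ver_ge "$3" 5.10; then comment_ok=1; fi
    awk -v ok="$comment_ok" '
        /^[ \t]*#/ { next }                      # skip whole-line comments
        !inset && $1 == "set" && $2 != "" {      # start of a named set
            name = $2; sub(/[{].*/, "", name)
            if (length(name) > 16) print "NAME_TOO_LONG " name
            inset = 1; depth = 0
        }
        inset {
            # match the set-level comment attribute, not a per-element comment
            if (!ok && $0 ~ /(^|[;{])[ \t]*comment[ \t]+"/) print "COMMENT_UNSUPPORTED " name
            line = $0
            depth += gsub(/[{]/, "", line) - gsub(/[}]/, "", line)
            if (depth <= 0) inset = 0            # closing brace of the set
        }
    ' "$1"
}
# Constructed sample ruleset; killswitch_tunnelsats is a hypothetical long name.
sample_conf() {
    cat <<'EOF'
table inet example {
  set ksts {
    type ipv4_addr
    comment "constructed comment"
    elements = { 10.9.0.2 }
  }
  set killswitch_tunnelsats {
    type ipv4_addr
  }
}
EOF
}
# Constructed host values: nftables 0.9.6 on a 4.19.0 kernel.
sample_conf | check_sets - 0.9.6 4.19.0
```

On a live host the two version arguments would be the number reported by `nft --version` and the output of `uname -r`, with `/etc/nftables.conf` as the first argument.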