Installing nftables inside disp sys-dns

lookuh · September 13, 2025, 4:02pm

1… goal:
…installed nftables in templatevm debian-12-xfce
… run them in disp q sys-dns…(disp q sys-dns has 2 templates if that matters)

2… templatevm:
…created “/etc/nftables.conf”
… added nftables

TEMPLATEVM DEBIAN-12-XFCE:

sudo apt install nftables
sudo nano /etc/nftables.conf
added nftables to #2

SYS-DNS:

create directory:
…sudo mkdir -p /rw/config/nftables
create nftables file:
…sudo nano /rw/config/nftables/rules.nft
add nftables to #2

4… create file for loading rules to boot auto:
…sudo nano /rw/config/rc.local

5… add to #4:
…nft -f /rw/config/nftables/rules.nft

sudo chmod +x /rw/config/rc.local
sudo systemctl enable nftables
sudo systemctl start nftables
sudo nft list ruleset

Atrate · September 13, 2025, 4:14pm

Shouldn’t this be nft -f /rw/config/nftables/rules.nft?

lookuh · September 13, 2025, 4:33pm

thx…it was just a typo in my post!

MellowPoison · September 14, 2025, 5:06am

Nftables is already preinstalled in the default debian-12-xfce template.
You should add your custom firewall rules here:

lookuh · September 14, 2025, 6:14pm

Yeah, i looked at them, but limited success…

Can anyone glance at this & see either why rules not staying persistent or say whether or not rules need to bewritten in sys-dns or copied over from templatevm…?

Did this previously w/success. This time close but something is off…

thanks

MellowPoison · September 14, 2025, 6:20pm

If your sys-dns is a named disposable, then you need to make changes in its disposable template.
For example, sys-dns template is set to default-dvm disposable template and the template of default-dvm is debian-12-xfce.
You need to make changes in default-dvm app qube or in debian-12-xfce template.