Nftables Not Working (missing Kernel Modules?)


It seems like I’m missing some modules or something?

I can’t seem to load the default /etc/nftables/main.nft on my CentOS 8
ISO. I get the following errors:

```
nft -f /etc/nftables/main.nft
/etc/nftables/main.nft:21:6-22: Error: Could not process rule:
Operation not supported set allowed_protocols {
^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:21:6-22: Error: Could not process rule: No such file or directory set allowed_protocols {
^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:27:6-23: Error: Could not process rule:
Operation not supported set allowed_interfaces {
^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:27:6-23: Error: Could not process rule: No such file or directory set allowed_interfaces {
^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:33:6-23: Error: Could not process rule:
Operation not supported set allowed_tcp_dports {
^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:33:6-23: Error: Could not process rule: No such file or directory set allowed_tcp_dports {
^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:40:3-37: Error: Could not process rule: No such file or directory ct state established,related accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:42:3-40: Error: Could not process rule: No such file or directory meta l4proto @allowed_protocols accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:43:3-36: Error: Could not process rule: No such file or directory iifname @allowed_interfaces accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:44:3-38: Error: Could not process rule: No such file or directory tcp dport @allowed_tcp_dports accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/main.nft:53:3-41: Error: Could not process rule: No such file or directory reject with icmpx type port-unreachable
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

After loading some modules, the errors are reduced to just one.

```
nf_defrag_ipv6
nf_defrag_ipv4
nft_ct nf_conntrack nf_tables_set nf_tables nfnetlink
```

What could I still be missing here? Is there a way to simply get full support to do firewalling in these cases?

```
nft -f /etc/nftables/main.nft
/etc/nftables/main.nft:53:3-41: Error: Could not process rule: No such file or directory reject with icmpx type port-unreachable
```
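The failure mode in this post is worth checking for before a ruleset is applied: `nft -f` commits the file as one transaction, so a single rule the running kernel cannot express means the whole firewall stays unloaded. The script below is an added example, not part of the original post or of the nftables project. It lists the nftables modules a host lacks from `lsmod` output and validates the ruleset with `nft -c` (check mode) without applying it. The `REQUIRED_MODULES` list is an assumption covering a ruleset like the poster's (conntrack, named sets, and the inet-family `reject with icmpx`, which is what `nft_reject_inet` provides); the `lsmod` sample is constructed to mirror the post's state after the manual loads.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for an nftables
# ruleset on a host where kernel modules may be missing or not autoloaded.
#
# Assumption: REQUIRED_MODULES is the set a ruleset like the poster's needs
# (conntrack, named sets, inet-family reject). Trim or extend for your own.
REQUIRED_MODULES="nfnetlink nf_tables nf_tables_set nf_conntrack nft_ct \
nf_defrag_ipv4 nf_defrag_ipv6 nft_reject nft_reject_inet"

# missing_modules WANTED: read `lsmod`-style output on stdin and print, one per
# line, each name in WANTED that does not appear in the first column.
missing_modules() {
    loaded=" $(awk 'NR > 1 { print $1 }' | tr '\n' ' ') "
    for m in $1; do
        case "$loaded" in
            *" $m "*) ;;                 # present
            *) printf '%s\n' "$m" ;;     # absent
        esac
    done
}

# preflight RULESET: report and load missing modules, then check the ruleset
# against the running kernel without committing it. Returns 0 only on success.
preflight() {
    ruleset=$1
    missing=$(lsmod | missing_modules "$REQUIRED_MODULES")
    if [ -n "$missing" ]; then
        printf 'missing kernel modules:\n%s\n' "$missing" >&2
        # modprobe resolves dependencies (nft_reject_inet needs nft_reject),
        # so this only fails when the module is absent from the kernel build.
        for m in $missing; do modprobe "$m" || return 1; done
    fi
    # -c parses and validates the file without applying any rule.
    nft -c -f "$ruleset"
}

# Constructed lsmod output mirroring the post's state after its manual loads:
# the conntrack and set modules are present, the reject modules are not.
SAMPLE_LSMOD="Module                  Size  Used by
nft_ct                 20480  3
nf_conntrack          172032  1 nft_ct
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
nf_tables_set          49152  6
nf_tables             180224  42 nft_ct,nf_tables_set
nfnetlink              16384  1 nf_tables"

# still_missing_in_sample: modules the sample host still lacks, space-separated.
still_missing_in_sample() {
    printf '%s\n' "$SAMPLE_LSMOD" \
        | missing_modules "$REQUIRED_MODULES" \
        | tr '\n' ' ' | sed 's/ $//'
}
```

On a real host, run `preflight /etc/nftables/main.nft` as root and treat a non-zero exit as "do not apply": the remaining error in the post (`reject with icmpx type port-unreachable`) is exactly the case where the check would stop before leaving the machine with no ruleset at all. If `modprobe` reports a module as not found, the kernel was built without it and the rule has to be rewritten rather than the module loaded.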