26

Re: How to install and configure nftables (firewall) in Hyperbola.

Well, answer is easy: The kernel has no support for this. As said: iptables and ufw are not part of any BSD-system. We have taken nft as temporary solution as long as GNU/Linux-libre is there.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

27 (edited by jim 2024-01-12 20:42:34)


Okay, please tell me if I consider git parabola (GNU/Linux-libre ) for building iptables, could it work? I also wanted to ask you about several options that I saw on this link https://gitea.artixlinux.org/packages?s … q=iptables , which one should I download to build?

28


I do not get the point: You really want to get interfaces back Hyperbola has clearly removed long before. So yes, it would be up to you therefore: You will need to completely rebuild the kernel at minimum. But please understand: I have here no further time to support. We have a focus and this is surely not to reactivate Linux-only interfaces.

As about the mentioned options: You would need a running daemon / service. So those packages you see include different configurations for the different init-systems around in Artix GNU/Linux.


29 (edited by jim 2024-01-13 10:11:52)


Thank you for your answer.

Why was iptables removed? If we analyze, this is the same command (as I already wrote), moreover, nftables requires more dependencies.
https://linuxhandbook.com/iptables-vs-nftables/

It seems to me that there is no need to play the game, let's remove more programs, it will be better for someone)) This example shows this.

The most important thing for protection after installing the distro, no matter whether it’s a server or another location, is not setting up the desktop, but setting up a network filter. Now there is no information in the wiki on how to do this and I need to jump all over the Internet to set up nftables...
You could have left both programs, it wouldn't have done any harm..

If there is no surge protector, you will be hacked even if you use Hyperbola, this is an obvious fact!

iptables https://www.parabola.nu/packages/core/x86_64/iptables/

Dependencies (6)

    bash
    libnetfilter_conntrack
    libnfnetlink
    libnftnl
    libpcap
    linux-api-headers (linux-libre-api-headers ) (make)





nftables  Dependencies (13) https://www.parabola.nu/packages/extra/x86_64/nftables/

    gmp
    jansson
    libmnl
    libnftnl
    ncurses
    readline
    python (optional) - Python bindings
    asciidoc (make)
    python (make)
    python-build (make)
    python-installer (make)
    python-setuptools (make)
    python-wheel (make)

30


I won't discuss this matter any longer with you, jim: I have repeated several times WHY Hyperbola is only offering nftables, and I have no interest to repeat that again. There was no removal, jim. The version 0.4 was a rebuild. And Hyperbola 0.4 is a transitional system building the base for HyperbolaBSD. So we won't add packages Linux-only. That's the last time now I underline this.

And you can create network-filters same. Please also look for nftables at Hyperbola:

    gmp
    jansson
    libnftnl
    readline
    python (optional) - Python bindings
    asciidoc (make)

Your argumentation is not fitting the context here, jim.


31


If you knew that Hyperbola 0.4 is a transitional version and it is impossible to build iptables in the kernel, there are no modules, why didn’t you tell me about it right away, did you write for me to try it on a virtual machine??

I want to use iptables rather than nftables, if it’s not in the repositories, I think you could tell me how to build it.

32


I have told you how to build it, jim. I have also helped you and have showed you how to rebuild and redo and include packages. I have also told you that the kernel needs a rebuild then. When you use for example the one from Parabola (I have also linked you everything in the other thread). So I think all is done so you can modify your installation your way, if you want to use iptables.

You can build the kernel, install it and re-include iptables. Then you need also to do the init-configuration for OpenRC.


33 (edited by jim 2024-01-13 19:53:45)


Yes, you undoubtedly help, but as you can see, I am following your steps and mistakes arise. Now you recommended me to build the Parabola Gnu Linux-libre kernel using this link https://git.parabola.nu/abslibre.git/tr … inux-libre to install it on my system and after that build iptables again since it’s in the kernel Parabola has the modules I need, but the problem is that it doesn’t work!

I received an error because Hyperbola does not have these packages pahole texlive-latexextra ??

34


I think you should also see that you need to modify the system and this is not the fault from Hyperbola. The point is: What do you really want and await? You want a default Linux or GNU/Linux-libre system? You need to rework many things. You want to follow the line Hyperbola is doing and using? Then you need to do different same. But one decision is needed at this point, jim. And as said: That PKGBUILD needs to be modified as you can always modify any PKGBUILD. That's also to be seen at the package nftables here at Hyperbola already. But as said: You will need to decide.

Doing own PKGBUILDs will go into the point where you surely be able to use them from other systems, but modify them so they fit into the context of Hyperbola. And that we also use GNU/Linux-libre is the approval this is possible.

But please understand also: I don't, won't and can't do much more at this point. When I do this for everyone else with every new package, new questions and more (aside from severe problems) I would never get back doing something else. From this point, I think, you have all what is needed to work through and decide also on your own. There is no generic "right" or generic "wrong", so decide on your own what is working for you. If it is nftables, you would need to redefine the way for filters. If it is iptables and Hyperbola, you will need to do work on your own. If it is only iptables, sorry but I can't help in there. There is no plan to turn this back as I have underlined.

And last again: You cannot use the PKGBUILD as it is from Parabola. I thought this is clear, otherwise I also emphasize this again. You need to modify it as we have not the packages Parabola has, we have also not cloned package-repositories and removed non-free ones. Hyperbola is complete different and independent. To count the different levels of possible issues:

- Debian-patchset or / and URL is no longer available (that happened exactly for iproute2), we cannot do anything about that as only reworking or updating the package
- Missing dependencies, we cannot do anything about that as to modify the packaging-script (PKGBUILD) and look what is needed or not

Both points happened and both points are nothing I have any influence about. You have chosen this way as you want iptables. So there is no other solution to go through, if you want to use Hyperbola. That will be the same with HyperbolaBSD: Porting and packaging, own tryouts for compilation and yes, possible failure and retry again.

jim wrote:

I received an error because Hyperbola does not have these packages pahole texlive-latexextra ??

No, Hyperbola does not support latex and also no pahole. We have dwarves!


35 (edited by zapper 2024-01-15 16:10:27)


jim wrote:

I built iproute2, also iptables and ufw, but when I try to run ufw I get an error with kernel modules.

ERROR: problem running ufw-init
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/5.10.127-gnu1-1-lts
iptables v1.8.10 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)

I think you would need to modify ufw to use nftables and dwarves from Hyperbola's old ufw PKGBUILD, update the version used maybe and do some hackery to make it work.

Parabola's scripts likely wouldn't be enough.

Unless someone has a lightweight ufw on a git somewhere, this is probably what is needed.

Although, even without a firewall, Hyperbola has gotten rid of so many vulnerabilities that firewalls may not even be needed. I can't say for sure.

Firejailing does help anyhow. Just something I thought I should add.

Those not small linux frameworks ie, probably add a massive amount of problems that cause a need for a firewall.

So... yeah.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!
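
The `modprobe` failure quoted in the post above means the module index of the running kernel has no `ip_tables` entry. As an added example (not from the thread or from the Hyperbola project), this sh script reads `modules.dep` and `modules.builtin`, the indexes modprobe consults, and reports which packet-filter front ends a kernel tree can serve; the function names and the sample index are constructed for illustration.

```shell
#!/bin/sh
# Added example: which packet-filter front ends can this kernel tree serve?

# has_module DIR NAME -> exit 0 if NAME is listed as loadable (modules.dep)
# or built in (modules.builtin) under DIR, else exit 1.
has_module() {
    dir=$1
    # Module files may spell the name with '-' or '_'; accept either.
    pat=$(printf '%s' "$2" | sed 's/[_-]/[_-]/g')
    for idx in "$dir/modules.dep" "$dir/modules.builtin"; do
        [ -r "$idx" ] || continue
        # Match ".../NAME.ko", optionally compressed (.xz, .gz, .zst), only as
        # the module a line describes, not where it appears as a dependency.
        if grep -Eq "^([^: ]*/)?${pat}\.ko(\.[a-z0-9]+)?(:|\$)" "$idx"; then
            return 0
        fi
    done
    return 1
}

# firewall_backend DIR -> prints both | nftables | iptables-legacy | none
firewall_backend() {
    dir=$1 nft=no ipt=no
    has_module "$dir" nf_tables && nft=yes
    has_module "$dir" ip_tables && ipt=yes
    case "$nft/$ipt" in
        yes/yes) echo both ;;
        yes/no)  echo nftables ;;
        no/yes)  echo iptables-legacy ;;
        *)       echo none ;;
    esac
}

# Constructed sample index (not copied from a real installation):
# nf_tables is present, ip_tables is absent, as in the error above.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/modules.dep" <<'EOF'
kernel/net/netfilter/nfnetlink.ko.xz:
kernel/net/netfilter/nf_tables.ko.xz: kernel/net/netfilter/nfnetlink.ko.xz
kernel/net/netfilter/nft_ct.ko.xz: kernel/net/netfilter/nf_tables.ko.xz
EOF
    : > "$d/modules.builtin"
    echo "$d"
}

sample=$(make_sample)
echo "sample tree: $(firewall_backend "$sample")"
rm -rf "$sample"
# On a live system: firewall_backend "/lib/modules/$(uname -r)"
```

A result of `nftables` means a front end that needs the legacy `ip_tables` module, such as the ufw build in the quoted error, cannot initialize its tables on that kernel, while `nft` rulesets can still be loaded.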

36 (edited by jim 2024-01-15 21:22:07)


throgh wrote:

I think you should also see that you need to modify the system and this is not the fault from Hyperbola.

Okay, you very often write here on the forum that we are not Parabola, we are not Archlinux, don’t compare us with these projects, in that case
if Hyperbola is a unique operating system, the first thing you need to do (my opinion) is to spend all the money and time on writing a clear, structured wiki that will contain all the answers on how to use the unique Hyperbola operating system.


On you PKGBUILD here is the link. oh it doesn’t work then change it)) And you don’t know how, but that’s your problem...Very friendly...

Well the Packet Filter (PF) firewall in OpenBSD is very popular and there are many good instructions https://www.digitalocean.com/community/ … eebsd-12-1

37


You have brought into how to build the Parabola-kernel, jim. I have answered clearly how to do that, so I have supported you on every step here you wanted to go with the hope you get more out of that. Also about the URL: We cannot foresee when a new patch is available or an upgrade. That is clearly NOT a fault from Hyperbola. Don't you think we are already working on fixing this? So all you have now brought here is more out the same. Besides I have given you also a way to compile the package without issues and now you criticize me that I state you are on your own with managing your modifications?

You await something and you are not willing to answer the question about what you want exactly. I have asked what you want. Instead now you have answered with more requirements. So I will ask again: You have noted that Hyperbola is possible to be modified in every part? And I have not said that Hyperbola is "a unique operating-system". I have said that "Hyperbola is an independent operating-system". There is a difference within that. The comparisons are only helping when it gets to details in adjustment and that was always mentioned. When you try to install Parabola-packages or just take them without modifications they won't build up with Hyperbola. Also the reasoning why comparisons are not helpful. And again: Not to underline that Hyperbola is "unique", to underline that Hyperbola stand on its own.

Also your sarcastic tone is approval now again that you await that I support your journey on every step. Where is the issue to write this down and we can look together what is possible? You have noted many details so I have taken this at a signal that you know many points already. You can find older versions in the git-repositories, find differences and much more. So you are sending me signals and I need to interpret them. So where is the issue to write down what you await and want? Last but not least: As you can see from the on-going messages I write also here we have not that much money and spend all of for development and infrastructure. If you await more, you can either support us with writing or support us financial as you wanted to do. I can also propose to make a special round of talking and proposals for a wiki-structure. But when I end up doing that with myself, I leave that point out and just do what I can. You can search the forums if you don't believe me there as I have started many topics to get people together. I don't see your criticism here on a fair point, jim.

There is difference in criticism: One to be fair and another one being just pure accusations. Yes, you have the points for sure that there is need for even more information in the wiki. But to state that it is "not nice" how you have been answered: What do you think should be done when you demand to modify Hyperbola on your own needs because you want iptables? And now you bring up the packet-filters from OpenBSD?

If I remember correctly, I have just left an example from Emulatorman: https://forums.hyperbola.info/viewtopic … 7301#p7301
Your reaction was: The ordinary user would not be willing to write rulesets alike ... https://forums.hyperbola.info/viewtopic … 7302#p7302
So after that whole debate and journey with another sarcastic reaction from you awaiting Hyperbola as small system doing something out of scope and possibility, you think again about that? Besides: I hope you have seen that ufw was NOT removed, it was and is impossible to build. We have no interest to work with GNU/Linux forever and with including all those interfaces back we would have to do this. Also to repeat: You stated that I had to tell about transitioning. Sorry, but this was all communicated for a long time, repeated also here in the forums. I just want to help and support: So when you send the signal you want to modify your Hyperbola-installation, I try to help you. Complaining now towards me, that I have not documented enough, not supported enough?

I think the best way for me is to leave this thread now and you can perhaps get some feedback from within the community. Leaving also nftables-question for the community. Have a good time!


38


Thank you for your answer.

There is no difference Hyperbola itself is either independent or unique, this means that the user cannot
build the program he needs, my example with iptables where there are fewer dependencies than nftables shows this, that is, I had to build iproute2, ufw, iptables, it didn’t work, then you suggested that I rebuild the Parabola kernel and it didn’t work.

I can't add repositories either.

Now let’s assume that I needed a firewall and I want to use only Hyperbola programs for security purposes, I wrote in the search and was redirected to the wiki where there is information on how to set it up in an independent Hyperbola and not copy other people’s examples without understanding what this means. This is what the wiki exists for, to explain to the user step by step from simple to complex.

Which path is better, faster and more efficient than the one I took or the one that could have been? And this is not just criticism, but constructive criticism.
I want to emphasize once again that yes, you helped me, thank you very much, but this is not effective since I achieved results!

39


Okay, I'm willing to get into but really, jim: A firewall-setup is very special and also not that easy as a common use for a desktop. I also understand the constructive criticism, but please also understand that sarcasm is not really helping you or me. Yes, frustration ... understood. But let's not give up on this: I'm not that kind of person being away that easy and also not give up - neither on people nor on software / hardware.

We have a choice:

a) Taking the road for modification Hyperbola to use iptables back. For this I see to redo the kernel (in this case using Parabola as source and modification), iptables including rework for OpenRC and all around the depending packages

b) Taking the nftables-road

That's the choice possible and I need you stating what kind of road taking. But this won't go for both points when I only research now. And to be honest: I hope I'm not the only person reading here, dear community. And yes, expanding information is also expanding the wiki at the same time. You can see that within articles added and enhanced also.


40


Thank you for understanding me correctly.

I think that HyperbolaBSD will not appear as soon as we want, although many are waiting for it, I read in different sources, so I would compile the kernel, post it here if you don’t mind and install ufw, this will also be a good example for those who want to repeat.
But I will also study nftables.

I already tried to build the kernel =>  https://git.parabola.nu/abslibre.git/tr … inux-libre by deleting (commented out) latex pahole
About 4 or 5 hours passed and I received an error related to the script, I don’t remember the exact name of something zt...

41


Hmm, zstd? A proposal: I will later modify the PKGBUILD and look also into it. About HyperbolaBSD, come aboard: https://wiki.hyperbola.info/doku.php?id … guidelines, in active writing.


42


Thank you for your help in assembling the kernel, I will wait for information from you so that I can try again to build the Parabola Gnu-linux-libre kernel and install it.

43


So after looking into and planning review: Sorry, but I cannot support here more. You can nevertheless manage that on your own, using the sources like: http://blog.serverbuddies.com/enable-ip … ux-kernel/

Or you stick with nftables, jim.
That kernel from Parabola GNU/Linux-libre is NOT compatible with Hyperbola as you need definite zstd-support. We do not offer zstd any longer! And yes, I have tried to overcome that but you would really need to modify the whole kernel-configuration. It would be more helpful to reactivate the iptables-support for the Hyperbola-kernel. As said: I have not the time doing that only for this purpose of your usecase, jim.

I hope you understand that: When I start doing that, I would do from now on different kernel-configurations for every user per wish. That cannot be the goal after thinking all that through. So this is surely on you when you don't want to use nftables.

I close this thread now: When you want usecases with nftables, you can open another thread and community-members can help there, when there is interest.
