stintel's blog

Today I decided to give OpenSnitch another try. I had installed it before in 2021, but never got around to testing it. At some point it started causing dependency problems in Gentoo, probably after a new Python version had been stabilized, so I've uninstalled it.

After starting the service and opening the UI, I noticed there weren't any packets. The log file also threw a bunch of errors related to nftables.

[2025-08-19 15:54:54]  IMP  Start writing logs to /var/log/opensnitchd.log
[2025-08-19 15:54:55]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:55]  ERR  nftables: addChain, Error getting table: filter, inet
[2025-08-19 15:54:55]  WAR  nftables: error adding chain: forward, table: filter
[2025-08-19 15:54:55]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:55]  ERR  nftables: addChain, Error getting table: filter, inet
[2025-08-19 15:54:55]  WAR  nftables: error adding chain: output, table: filter
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: filter, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: input, table: filter
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: nat, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: filter-prerouting, table: nat
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: mangle, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: prerouting, table: mangle
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: mangle, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: postrouting, table: mangle
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: nat, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: prerouting, table: nat
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: nat, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: postrouting, table: nat
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: nat, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: input, table: nat
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: nat, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: output, table: nat
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: mangle, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: output, table: mangle
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  nftables: addChain, Error getting table: mangle, inet
[2025-08-19 15:54:56]  WAR  nftables: error adding chain: forward, table: mangle
[2025-08-19 15:54:56]  WAR  nftables: error applying changes: conn.Receive: netlink receive: operation not supported
[2025-08-19 15:54:56]  ERR  Error while adding interception tables: nftables: error adding system firewall table: mangle, family: inet (1)

Trying to add a table manually also didn't work:

# nft add table inet filter
Error: Could not process rule: Operation not supported
add table inet filter
^^^^^^^^^^^^^^^^^^^^^^

OpenSnitch tries to create a table of the inet family, which is a single table that handles both IPv4 and IPv6 packets. This requires the kernel config symbol CONFIG_NF_TABLES_INET to be enabled, which wasn't the case for my kernel.

© 2007 - 2025 Stijn Tintel