Lost access to server after installing nftables

What app is this about, and its version: nftables
What YunoHost version are you running: 12.1.40.1
What type of hardware are you using: Old laptop or computer

Describe your issue

After installing nftables, I’m no longer able to access my server from outside of my local network. I figured my IP was on this ban list for some reason, so I removed the default blocklist. After that I was still unable to access the server. Then I uninstalled nftables completely, and now am still completely unable to access the server remotely.

Share relevant logs or error messages

none

Try

 yunohost tools regen-conf nftables -d -n
# if needed :
 yunohost tools regen-conf nftables -f

Hi,

A few months ago I installed the script Linux-scripts/yunohost/block_countries_yunohost.md at main · DeMiro5001/Linux-scripts · GitHub by @jarod5001

Should I remove it before installing nftables blacklist?

Sorry, I don't speak French

No luck, but thank you.

Probably yes, they serve similar purposes with more lists in the nftables block list app

@Sid it would help to run the diagnosis and share the link
Did you delete the yunohost app or the debian package?


Thanks, here are the results of the diagnosis:

https://paste.yunohost.org/raw/pumonuqede

I see in the results of the diagnosis that nftables was not uninstalled when I performed the action from the GUI. I ran sudo systemctl stop nftables.service and was able to successfully regain remote access.

Is there a way I can effectively uninstall or remove this service?

Don't be sorry, I didn't know you were Spanish.

You should not do that: this is the yunohost firewall, not the nftables-blacklist service app.

Well I have the firewall on my router configured properly, regardless.

Any suggestions on what I should do?

Fail2ban won’t be able to set rules on your router.
Can you share the output of
yunohost app list | grep nft

This is unnecessarily hostile, I’m only trying to help (I only wanted to let you know in case you didn't know what nftables was. But of course, if you want to uninstall the yunohost firewall, and face the consequences, which will not be few, then that's up to you, eh :man_shrugging:).

Otherwise, you can check this:

sudo nft list sets

This does not return anything, unfortunately

I apologize if it came off that way, that was not my intention.

This does not return anything either

Ok.

Did you restart nftables?

table inet filter {
}

Can you check if fail2ban is running? systemctl status fail2ban

If it is not: systemctl start fail2ban

and sudo fail2ban-client status sshd

fail2ban was inactive. Restarted. After which sudo nft list sets still returns the same response.

sudo fail2ban-client status sshd returns the following:

○ fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; preset: ena>
Drop-In: /etc/systemd/system/fail2ban.service.d
└─systemd-override-bind-nftables.conf
Active: inactive (dead) since Fri 2026-06-19 17:39:52 CDT; 23h ago
Duration: 2w 5d 28min 4.234s
Docs: man:fail2ban(1)
Process: 649 ExecStart=/usr/bin/fail2ban-server -xf start (code=killed, sig>
Process: 1701962 ExecStop=/usr/bin/fail2ban-client stop (code=exited, statu>
Main PID: 649 (code=killed, signal=TERM)
CPU: 3h 25min 43.716s

It should return something related to the sshd jail