Re: "nft list hooks" not working (empty output)

[Pablo Neira Ayuso <pablo@netfilter.org>]

On Thu, Jun 11, 2026 at 12:24:28AM +0200, Binarus wrote:
> Dear all,
> 
> according to the man page for nft, "nft list hooks" should list all functions registered at each hook, along with their priorities, and including the internal nftables functions. I am understanding this in the sense that "nft list hooks" should output something at least when there actually is a ruleset.
> 
> But on my test system, that output is always empty. Please consider the following excerpt from a terminal session:
> 
> root@charon /etc/network # nft list ruleset
> table ip t_IP {
>         chain input-filter {
>                 type filter hook input priority filter; policy accept;
>                 ip protocol icmp drop
>         }
> }
> root@charon /etc/network # nft list hooks
> root@charon /etc/network #
> 
> Of course, that ruleset does not make any sense, but it serves its purpose for testing. "nft list hooks" should output something in that situation, shouldn't it?
> 
> This happens on Debian trixie, kernel 6.12.90, nftables 1.1.3.
> 
> I also have tried "nft list hooks inet" with the same result.
> 
> Furthermore, I have created another ruleset with an ingress filter and have tried "nft list hooks netdev", which also gave no output.
> 
> Any advice or explanation? Where is my misunderstanding or mistake?

It seems debian kernels do not compile support for this command?

grep CONFIG_NETFILTER_NETLINK_HOOK /boot/config-6.12.74+deb13+1-amd64 
# CONFIG_NETFILTER_NETLINK_HOOK is not set