{{ $('Map tags to IDs').item.json.title }}
How to Use nftables Firewall
nftables is a modern packet filtering framework in Linux that replaces iptables as the default tool for managing firewall rules. It offers a simplified syntax, improved performance, and the ability to handle IPv4, IPv6, ARP, and Ethernet rules all in one interface. This tutorial will cover the basics of using nftables for firewall management.
1. Installing nftables
nftables is available in most modern Linux distributions. You can check if it is installed by running:
nft --versionIf it is not installed, you can install it using:
- For Ubuntu:
sudo apt update sudo apt install nftables - For CentOS:
sudo yum install nftables
2. Starting nftables
To start using nftables, you need to enable the service:
sudo systemctl start nftablesAnd to enable it on boot:
sudo systemctl enable nftables3. Basic nftables Commands
The basic command structure for nftables is:
nft [options] For example, to view the current ruleset, run:
sudo nft list ruleset4. Creating a Simple Firewall Rule
To create a basic rule that allows incoming SSH traffic, you can define a table and a chain:
sudo nft add table inet filter
sudo nft add chain inet filter input { type filter hook input priority 0; }
sudo nft add rule inet filter input tcp dport 22 acceptThis creates a table named filter, a chain for input traffic, and adds a rule to accept connections on port 22 for SSH.
5. Listing Current Rules
To view all current rules defined in nftables:
sudo nft list table inet filterThis will show the created table along with its rules.
6. Deleting a Rule
If you want to delete a rule, use:
sudo nft delete rule inet filter input handle rule_numberReplace rule_number with the actual rule number you wish to delete.
7. Saving Your Configuration
To make sure your rules persist across reboots, save your configuration:
sudo nft list ruleset > /etc/nftables.confThen, you can configure the nftables service to load this file on startup by editing /etc/systemd/system/nftables.service to include:
ExecStart=/usr/sbin/nft -f /etc/nftables.conf8. Conclusion
By following this tutorial, you have learned how to use nftables for managing firewall rules in Linux. Nftables provides a powerful and flexible approach to firewall management, enhancing network security. Explore additional options and configurations available within nftables to further optimize your firewall settings!
About the Author
