
Introduction to nftables in Linux
nftables is a framework in the Linux kernel for packet filtering and classification, designed to replace the older iptables, ip6tables, arptables, and ebtables. It provides a simpler and more efficient way to manage firewall rules and network traffic. This tutorial will introduce you to nftables and guide you through setting it up for basic packet filtering in Linux.
1. Installing nftables
Most modern Linux distributions include nftables by default. To check if nftables is installed, run:
nft --version
If you don’t have it installed, you can use your package manager to install it:
- For Ubuntu:
sudo apt update
sudo apt install nftables
- For CentOS:
sudo yum install nftables
2. Starting nftables
To use nftables, you need to start its service. On most distributions, use:
sudo systemctl start nftables
sudo systemctl enable nftables
This starts the nftables service and enables it to run on boot.
3. Understanding nftables Configuration
nftables configuration files are typically stored in /etc/nftables.conf. You can create this file to set up your rules. Start by creating the file:
sudo nano /etc/nftables.conf
3.1. Basic Configuration Example
Here’s a sample configuration that creates a basic firewall:
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip saddr 192.168.1.0/24 accept
        ip protocol icmp accept
        drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
This configuration sets a default policy of dropping all incoming and forwarded traffic, while accepting traffic from localhost, packets belonging to established or related connections, traffic from the 192.168.1.0/24 subnet, and ICMP.
4. Applying the Configuration
After saving your configuration, you can apply it with the following command:
sudo nft -f /etc/nftables.conf
This loads the rules defined in your configuration file into the nftables framework.
5. Viewing Current Rules
To see currently applied rules, run:
sudo nft list ruleset
This command displays the entire ruleset defined in nftables.
6. Persistent Configuration
To make your nftables rules persist across reboots, make sure the service is enabled (as shown in step 2) and that the nftables service loads your configuration file at boot.
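Putting steps 3 to 6 together, here is an added example (not part of the original tutorial) that writes a reload-safe version of the ruleset above, checks it with nft's dry-run mode before loading it, and keeps remote administration reachable. The subnet, port list and output path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original tutorial): generate a reload-safe
# ruleset, dry-run it with `nft -c -f` so a typo cannot leave the host
# half-filtered, and only then load it. The subnet, ports and output path
# are constructed placeholders; adjust them for your host.

# Write the ruleset to $1. $2 is the trusted IPv4 subnet, $3 a
# comma-separated list of TCP ports to open (e.g. "22, 443").
write_ruleset() {
    cat > "$1" <<EOF
#!/usr/sbin/nft -f
# 'flush ruleset' makes the file idempotent: without it, loading the same
# file twice appends every rule a second time.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # an 'inet' table sees IPv6 too; without this line IPv6 neighbour
        # discovery is silently dropped
        ip6 nexthdr icmpv6 accept
        ip protocol icmp accept
        ip saddr $2 accept
        # keep remote administration reachable from outside the subnet
        tcp dport { $3 } ct state new accept
        counter drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
EOF
}

# Parse and evaluate the file without changing the kernel ruleset
# (exit status 0 = valid). Needs the nft binary.
check_ruleset() {
    nft -c -f "$1"
}

# Load only after the check passes; prints nothing on success.
apply_ruleset() {
    check_ruleset "$1" && nft -f "$1"
}

# Usage (run as root):
#   write_ruleset /etc/nftables.conf 192.168.1.0/24 "22"
#   apply_ruleset /etc/nftables.conf
```

Because the generated file starts with the nft shebang and a flush, it is the same file the nftables service loads at boot and the one you can re-run by hand after every edit.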
7. Conclusion
By following this tutorial, you have learned the basics of using nftables for packet filtering in Linux. nftables offers a modern approach to managing firewall rules, providing flexibility and high performance. Continue exploring nftables to take full advantage of its powerful features for securing networks and managing traffic effectively!