NFTABLES Basic Guide

By /

Listen to this Post

Nftables is a new packet classification infrastructure intended to replace the existing {ip, ip6, arp, eb}_tables framework.

Key Features:

  • Available in Linux kernels >= 3.13.
  • Introduces a new command-line tool (nft) with a different syntax than iptables.
  • Includes a compatibility layer to run iptables commands over the new nftables infrastructure.
  • Supports maps and concatenations, enabling multidimensional rulesets that reduce the number of required rules.

You Should Know:

Basic Nftables Commands

1. Installation

For Debian/Ubuntu:

sudo apt install nftables

For CentOS/RHEL:

sudo yum install nftables

2. Start and Enable Nftables

sudo systemctl start nftables 
sudo systemctl enable nftables

3. Basic Rule Management

  • View Current Ruleset:
    sudo nft list ruleset
  • Flush All Rules:
    sudo nft flush ruleset

4. Creating a Simple Firewall

  • Create a Table:
    sudo nft add table inet my_table
  • Add a Chain:
    sudo nft add chain inet my_table my_chain { type filter hook input priority 0 \; }
  • Add a Rule to Allow SSH:
    sudo nft add rule inet my_table my_chain tcp dport 22 accept
  • Block an IP Address:
    sudo nft add rule inet my_table my_chain ip saddr 192.168.1.100 drop

5. Saving and Restoring Rules

  • Save Rules:
    sudo nft list ruleset > /etc/nftables.conf
  • Restore Rules:
    sudo nft -f /etc/nftables.conf

6. Advanced Features

  • Sets (for Dynamic IP Blocking):
    sudo nft add set inet my_table bad_ips { type ipv4_addr \; } 
sudo nft add rule inet my_table my_chain ip saddr @bad_ips drop
  • Counters (Track Packet/Byte Counts):
    sudo nft add counter inet my_table my_counter 
sudo nft add rule inet my_table my_chain counter name \"my_counter\"

What Undercode Say

Nftables represents a significant evolution in Linux firewall management, offering improved performance, flexibility, and scalability over iptables. By leveraging its advanced features like sets, maps, and dynamic rulesets, administrators can build highly efficient security policies.

Additional Useful Commands:

  • Monitor Traffic in Real-Time:
    sudo nft monitor
  • Check Kernel Support:
    lsmod | grep nf_tables
  • Delete a Rule:
    sudo nft delete rule inet my_table my_chain handle <handle_num>
  • List All Tables:
    sudo nft list tables

For further reading, refer to the official Nftables Wiki.

Expected Output:

A fully configured nftables firewall with optimized rulesets for security and performance.

References:

Reported By: Activity 7312511187433283585 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: