Category: nftables

nftables is a framework for packet filtering and forwarding on Linux, replacing iptables, ip6tables, arptables, and ebtables. It offers a unified syntax and improved efficiency.

  • fail2ban and nftables – Useful Tips

    Troubleshooting Fail2Ban Issues with nftables

    Fail2Ban may sometimes cause issues. In many cases, it’s enough to delete the nftables rules created by Fail2Ban, briefly stop the service, and then restart it. On restart, Fail2Ban will automatically recreate all necessary nftables sets and rules.

    I’ll omit sudo in the following examples. It will be required when running nft commands.

    Example to delete the f2b-table in the inet family context:

    Bash
    nft delete table inet f2b-table
    (more…)
  • nftables Cheat Sheet: Useful Commands for nft Part 2

After explaining the basic nft concepts in Part 1, I’ll now present the most important commands in Part 2.

    I’ll omit sudo in the following examples. It will be required when running nft commands.

    Display the complete configuration:

    Bash
    nft list ruleset

    This command displays the entire current nftables ruleset.

    Since the ruleset can become quite large depending on its complexity, I’ve created a custom script that trims the output to the essentials: for multiline blocks within curly braces, only the first and last line are shown.

    (more…)
  • nftables Cheat Sheet: Useful Commands for nft Part 1

    nftables is a modern packet filtering framework for Linux and is set to replace iptables in the long term. In this post, I present the most useful commands that have proven effective in my daily admin work.

    The creation of new tables and chains is rarely needed in my practice, so I won’t cover that here.

    In Part 1, I explain the basic concepts. In Part 2, I go over the most important commands.

    (more…)