Learning (The Basics of) Nftables
a year ago
- #nftables
- #networking
- #linux-firewall
- nftables is a modern replacement for iptables, introduced in 2014, offering efficiency and easier extensibility.
- nftables reduces code duplication and supports a more intuitive configuration language compared to iptables.
- iptables-nft is a compatibility layer allowing users to use iptables commands while translating them to nftables rules.
- nftables configuration is file-based (a ruleset file loaded with nft -f), unlike iptables, which requires iptables-restore to load a saved set of rules.
- Tables in nftables can be defined for different protocol families (inet, ip, ip6), with chains that set a default policy (drop or accept) for packets no rule matches.
- Rules can be added to chains to allow specific traffic, such as permitting SSH on a particular interface.
- Forwarding rules enable traffic between interfaces, useful for LAN configurations.
- NAT rules in nftables are straightforward, allowing source NAT for traffic from a local subnet via a public interface.
- The author found nftables enjoyable to work with and encourages others to rewrite their firewalls using it.
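The points above (a protocol-family table, chains with a default policy, an SSH allow rule bound to one interface, forwarding between interfaces, and source NAT for a local subnet) put together as one ruleset file. This is an added example, not the original post's configuration; the interface names lan0 and wan0 and the subnet 192.168.10.0/24 are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example, not the post's own ruleset. Assumed names: lan0 (LAN side,
# 192.168.10.0/24) and wan0 (public side). Load with: nft -f /etc/nftables.conf

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and already-established flows are always fine.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP/ICMPv6 keep path MTU discovery and neighbour discovery working.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # SSH only from the LAN interface; nothing is exposed on wan0.
        iifname "lan0" tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # LAN hosts may reach the Internet; only replies come back in.
        iifname "lan0" oifname "wan0" accept
        iifname "wan0" oifname "lan0" ct state established,related accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Source NAT for the LAN subnet leaving via the public interface.
        ip saddr 192.168.10.0/24 oifname "wan0" masquerade
    }
}
```

Verify what the kernel actually loaded with nft list ruleset; the forward chain only sees traffic once net.ipv4.ip_forward=1 is set via sysctl.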