shivani singh- September 22, 2021
How to Install nftables on Ubuntu 20.04 LTS
Nftables is a free & open source command line utility. It is easy to use and combines all tools of the IPtables framework such as iptables, ip6tables, arptables, etc. We can easily to create table,chain & add the rules with TCP port numbers. It helps to improved error reporting & reduction in code replication.
There are few steps to install & configure nftables on ubuntu:
Step 1: Update the System.
apt-get update
Step 2: Install the nftables on System.
apt install nftables
- Install Iptables.
apt install iptables
Step 3: Start & Enable the nftables service.
systemctl start nftables.service
systemctl enable nftables.service
- Check the nftables status.
systemctl status nftables.service
- Here is the command output.
Step 4: Nftables Syntax & Examples.
nft [ -nNscaeSupyj ] [ -I directory ] [ -f filename | -i | cmd …]
- To list all available options.
nft -h
- Here is the command output.
- Add a new table, with family “inet”.
nft add table inet table_name
nft add table inet filter
nft add table inet example_tables
- To list all tables.
nft list tables
- Here is the command output.
- To add a new chain & accept all inbound traffic:
nft add chain inet example_tables example_chain '{ type filter hook input priority 0 ; policy accept ; }'
- To list all chains.
nft list chains
- Here is the command output.
- To add a new rule & accept TCP port number.
nft add rule inet example_tables example_chain tcp dport 22 accept
- To list ruleset.
nft list ruleset
- Here is the command output.
- To delete a rule:
nft delete rule inet table_name input handle 3
nft delete rule inet filter input handle 3
- To save the ruleset.
nft list ruleset > /etc/nftables.conf
- To save the rule in Iptables.
iptables-save > fwrules.txt
- To display the save files.
cat /etc/nftables.conf
cat fwrules.txt
- Here is the command output.
- To run the following command for equivalent nft & nft ruleset dump.
iptables-restore-translate -f fwrules.txt
iptables-restore-translate -f fwrules.txt > ruleset.nft
- Here is the command output.
- An IP in nftables drop rule.
nft add rule ip filter output ip daddr ip-address drop
nft add rule ip filter output ip daddr 10.10.10.10 drop
- In iptables, ip-address drop rule.
iptables -A OUTPUT -d 10.10.10.10 -j DROP