System Grab Bag

View all TLDR pages from Linux (or from all pages)

nft

Allows configuration of tables, chains and rules provided by the Linux kernel firewall. Nftables replaces iptables. More information: https://wiki.nftables.org/wiki-nftables/index.php/Main_Page.
  • View current configuration:
    sudo nft list ruleset
  • Add a new table with family "inet" and table "filter":
    sudo nft add table {{inet}} {{filter}}
  • Add a new chain to accept all inbound traffic:
    sudo nft add chain {{inet}} {{filter}} {{input}} \{ type {{filter}} hook {{input}} priority {{0}} \; policy {{accept}} \}
  • Add a new rule to accept several TCP ports:
    sudo nft add rule {{inet}} {{filter}} {{input}} {{tcp}} {{dport \{ telnet, ssh, http, https \} accept}}
  • Add a NAT rule to translate all traffic from the 192.168.0.0/24 subnet to the host's public IP:
    sudo nft add rule {{nat}} {{postrouting}} ip saddr {{192.168.0.0/24}} {{masquerade}}
  • Show rule handles:
    sudo nft --handle --numeric list chain {{family}} {{table}} {{chain}}
  • Delete a rule:
    sudo nft delete rule {{inet}} {{filter}} {{input}} handle {{3}}
  • Save current configuration:
    sudo nft list ruleset > {{/etc/nftables.conf}}

License and Disclaimer

The content on this page is copyright © 2014—present the tldr-pages team and contributors.
This page is used with permission under Creative Commons Attribution 4.0 International License.

While we do attempt to make sure content is accurate, there isn't a warranty of any kind.