How to Install nftables on Ubuntu 20.04 LTS

shivani singh
September 22, 2021

How to Install nftables on Ubuntu 20.04 LTS

Nftables is a free & open source command line utility. It is easy to use and combines all tools of the IPtables framework such as iptables, ip6tables, arptables, etc. We can easily to create table,chain & add the rules with TCP port numbers. It helps to improved error reporting & reduction in code replication.

There are few steps to install & configure nftables on ubuntu:

Step 1: Update the System.

apt-get update

Step 2: Install the nftables on System.

apt install nftables

Install Iptables.

apt install iptables

Step 3: Start & Enable the nftables service.

systemctl start nftables.service systemctl enable nftables.service

Check the nftables status.

systemctl status nftables.service

Here is the command output.

Step 4: Nftables Syntax & Examples.

nft [ -nNscaeSupyj ] [ -I directory ] [ -f filename | -i | cmd …]

To list all available options.

nft -h

Here is the command output.

Add a new table, with family “inet”.

nft add table inet table_name nft add table inet filter nft add table inet example_tables

To list all tables.

nft list tables

Here is the command output.

To add a new chain & accept all inbound traffic:

nft add chain inet example_tables example_chain '{ type filter hook input priority 0 ; policy accept ; }'

To list all chains.

nft list chains

Here is the command output.

To add a new rule & accept TCP port number.

nft add rule inet example_tables example_chain tcp dport 22 accept

To list ruleset.

nft list ruleset

Here is the command output.

To delete a rule:

nft delete rule inet table_name input handle 3 nft delete rule inet filter input handle 3

To save the ruleset.

nft list ruleset > /etc/nftables.conf

To save the rule in Iptables.

iptables-save > fwrules.txt

To display the save files.

cat /etc/nftables.conf cat fwrules.txt

Here is the command output.

To run the following command for equivalent nft & nft ruleset dump.

iptables-restore-translate -f fwrules.txt iptables-restore-translate -f fwrules.txt > ruleset.nft

Here is the command output.

An IP in nftables drop rule.

nft add rule ip filter output ip daddr ip-address drop nft add rule ip filter output ip daddr 10.10.10.10 drop

In iptables, ip-address drop rule.

iptables -A OUTPUT -d 10.10.10.10 -j DROP

Leave a Reply Cancel reply

You must be logged in to post a comment.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others