Skip to content

Click on each book below to review & buy on Amazon.

As an Amazon Associate, I earn from qualifying purchases.

CompTIA Linux+ XK0-005 - 2.3 - Common Firewall Technologies: nftables

Firewalls play a crucial role in securing computer systems and networks by filtering and controlling network traffic. As part of the CompTIA Linux+ exam objectives, it is important to understand how to implement and configure firewalls. One common firewall technology used in Linux distributions is nftables. This guide will provide you with step-by-step instructions on how to implement and configure nftables.

Common Firewall Technology: nftables

nftables is a powerful packet filtering framework available in many Linux distributions. It provides enhanced performance and flexibility compared to its predecessor, iptables. Here's how you can implement and configure nftables:

  • Check the current nftables configuration: Use the following command to view the current nftables rules:

    sudo nft list ruleset

    This command displays the existing ruleset in nftables.

  • Define firewall rules: nftables uses tables and chains to organize firewall rules. Use the following commands to create chains and add rules to them:

    • Create a table:

      sudo nft add table table_name

      Replace table_name with the desired name for the table.

    • Create a chain:

      sudo nft add chain table_name chain_name { type hook_type hook_priority \; }
      • table_name: Name of the table where the chain should be created.
      • chain_name: Desired name for the chain.
      • type: Hook type (e.g., input, forward, output).
      • hook_priority: Hook priority.

      Example:

      sudo nft add chain filter input { type filter hook input priority 0 \; }

      This command creates a chain named input in the filter table with the type filter, hook type input, and hook priority 0.

    • Add rules to a chain:

      sudo nft add rule table_name chain_name rule_specification
      • table_name: Name of the table.
      • chain_name: Name of the chain.
      • rule_specification: Specific rule criteria.

      Example:

      sudo nft add rule filter input tcp dport 22 counter accept

      This rule adds a rule to the filter table, input chain, matching TCP packets with destination port 22 (SSH), and accepts them. The counter option counts the number of packets matching the rule.

  • Save nftables rules: To save the nftables rules and make them persistent across reboots, use the following command:

    sudo nft list ruleset > /etc/nftables.conf

    This command saves the current nftables rules to the /etc/nftables.conf file.

  • Load saved nftables rules: To load the previously saved nftables rules from the /etc/nftables.conf file, use the following command:

    sudo nft -f /etc/nftables.conf

    This command loads the saved nftables rules, restoring the firewall configuration.

Conclusion

nftables is a powerful and flexible firewall technology used in many Linux distributions. By understanding the concepts and following the steps outlined in this guide, you will be well-prepared to implement and configure nftables in your Linux system. Remember to familiarize yourself with the specific commands, tables, chains, and rule syntax of nftables in your distribution.

Support DTV Linux

Click on each book below to review & buy on Amazon. As an Amazon Associate, I earn from qualifying purchases.

NordVPN ®: Elevate your online privacy and security. Grab our Special Offer to safeguard your data on public Wi-Fi and secure your devices. I may earn a commission on purchases made through this link.