CompTIA Linux+ XK0-005 - 2.3 - Common Firewall Technologies: nftables
Firewalls play a crucial role in securing computer systems and networks by filtering and controlling network traffic. As part of the CompTIA Linux+ exam objectives, it is important to understand how to implement and configure firewalls. One common firewall technology used in Linux distributions is nftables. This guide will provide you with step-by-step instructions on how to implement and configure nftables.
Common Firewall Technology: nftables
nftables is the packet filtering framework built into the Linux kernel since version 3.13 and the default firewall backend in most current distributions. It replaces iptables, ip6tables, arptables and ebtables with a single userspace tool, nft, and offers better performance (the whole ruleset is loaded and replaced atomically) and a more flexible syntax (sets, maps, and IPv4 and IPv6 handled together in the inet family). Here's how you can implement and configure nftables:
- Check the current nftables configuration: use the following command to view the rules that are currently loaded:
sudo nft list ruleset
This prints the complete active ruleset (every table, chain and rule, including packet counters). On a system with no firewall configured it prints nothing.
- Define firewall rules: nftables organises rules into tables (one per address family), chains inside tables, and rules inside chains. Create each in turn:
- Create a table:
sudo nft add table family table_name
Replace family with the address family the table handles: ip (IPv4 only), ip6 (IPv6 only) or inet (both; the usual choice for a host firewall). If the family is omitted, nft assumes ip, so sudo nft add table table_name creates a table that only ever sees IPv4 traffic. Replace table_name with the desired name for the table.
- Create a base chain (a chain attached to a netfilter hook, so packets actually traverse it):
sudo nft add chain family table_name chain_name { type chain_type hook hook_name priority priority_value \; policy default_policy \; }
table_name: name of the table where the chain should be created.
chain_name: desired name for the chain.
chain_type: filter, nat or route. filter is the type used for accept/drop decisions.
hook_name: the point in the packet path where the chain runs: prerouting, input, forward, output or postrouting.
priority_value: ordering among chains on the same hook; lower numbers run first, and 0 is the conventional value for filter chains.
default_policy: accept or drop, applied to packets that reach the end of the chain without hitting a terminating verdict. If it is omitted, the policy is accept.
The backslash before each ; is needed because the shell would otherwise treat ; as a command separator, and the braces must be surrounded by spaces so the shell passes them to nft as separate words.
Example (assuming the table was created with sudo nft add table inet filter):
sudo nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }
This creates a chain named input in the inet filter table, of type filter, attached to the input hook with priority 0 and a default policy of drop, so anything not explicitly accepted is discarded. The shorter form sudo nft add chain filter input { type filter hook input priority 0 \; } also works (ip family, policy accept), but with an accept policy any accept rules you add afterwards change nothing about what gets through.
- Add rules to a chain:
sudo nft add rule family table_name chain_name rule_specification
table_name: name of the table.
chain_name: name of the chain.
rule_specification: one or more match expressions followed by optional statements such as counter or log and a verdict (accept, drop, reject, jump, ...). add appends the rule at the end of the chain; use insert instead to put it at the top.
Example:
sudo nft add rule inet filter input tcp dport 22 counter accept
This appends a rule to the input chain of the inet filter table that matches TCP packets with destination port 22 (SSH) and accepts them. The counter statement keeps a packet and byte count for the rule, shown by nft list ruleset, which is the quickest way to confirm that a rule matches the traffic you think it does. Rules are evaluated in order, so put the general cases first (iif "lo" accept, ct state established,related accept), then service-specific rules like the one above, and rely on a drop policy or an explicit final drop for everything else.
- Save nftables rules: rules added with nft exist only in the kernel and are lost on reboot. To make them persistent, dump the running ruleset to a file:
sudo sh -c 'nft list ruleset > /etc/nftables.conf'
The sudo must cover the redirection as well as the nft command; with sudo nft list ruleset > /etc/nftables.conf the shell opens /etc/nftables.conf as your unprivileged user and fails with "Permission denied". /etc/nftables.conf is the file the nftables systemd service loads at boot on Debian and Ubuntu; Fedora and RHEL use /etc/sysconfig/nftables.conf, so check your distribution. The dump contains only add operations, so put flush ruleset as the first line of the file; otherwise loading it on top of a running ruleset duplicates every rule.
- Load saved nftables rules: to load the previously saved ruleset from /etc/nftables.conf, run:
sudo nft -f /etc/nftables.conf
This applies the whole file as one atomic transaction: either every command in it succeeds or nothing changes, so a typo cannot leave the firewall half configured. To parse the file without touching the running ruleset first, use sudo nft -c -f /etc/nftables.conf. To have the rules restored automatically at boot, enable the service that runs this same command for you: sudo systemctl enable nftables.
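The steps above combined into one script, as an added example that is not from the original page: it generates a minimal stateful host firewall in nft's native file syntax (table, base chains with a drop policy, rules, saved to a file with flush ruleset on top), prints the equivalent incremental nft add commands, and parse-checks the file with nft -c when nft is installed. The allowed ports, the output path /tmp/nftables.conf and the Debian/Ubuntu persistence path /etc/nftables.conf are assumptions; adjust them for your host.

```shell
#!/bin/sh
# Added example (not from the original page): the nftables procedure as one
# script. Assumptions: SSH on 22/tcp plus whatever ports are passed in, and the
# Debian/Ubuntu persistent ruleset path /etc/nftables.conf.

# Emit a complete ruleset in nft file syntax. "flush ruleset" at the top makes
# the file idempotent: loading it twice does not leave duplicate rules.
# $1 is a space-separated list of TCP ports to allow inbound (default 22).
gen_ruleset() {
  ports=$(printf '%s' "${1:-22}" | tr ' ' ',')
  cat <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;

    # loopback and replies to connections this host opened come first
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop

    # ICMP is needed for path MTU discovery and IPv6 neighbour discovery
    meta l4proto { icmp, ipv6-icmp } accept

    # explicitly exposed services; counter shows hits in nft list ruleset
    tcp dport { $ports } counter accept

    # rate-limited log of what the drop policy is about to discard
    limit rate 5/minute log prefix "nft-drop: "
  }

  chain forward {
    type filter hook forward priority 0; policy drop;
  }

  chain output {
    type filter hook output priority 0; policy accept;
  }
}
EOF
}

# The same input chain built incrementally with nft add, mirroring the
# step-by-step commands above. Printed, not executed: review, then pipe to
# "sudo sh" to apply.
imperative_cmds() {
  ports=$(printf '%s' "${1:-22}" | tr ' ' ',')
  cat <<EOF
nft add table inet filter
nft add chain inet filter input '{ type filter hook input priority 0; policy drop; }'
nft add rule inet filter input iif "lo" accept
nft add rule inet filter input ct state established,related accept
nft add rule inet filter input ct state invalid drop
nft add rule inet filter input meta l4proto '{ icmp, ipv6-icmp }' accept
nft add rule inet filter input tcp dport '{ $ports }' counter accept
EOF
}

# Parse-check a ruleset file without applying it (nft -c). Returns nft's exit
# status, or 2 when nft is not installed and the file could not be checked.
check_ruleset() {
  command -v nft >/dev/null 2>&1 || return 2
  nft -c -f "$1"
}

# usage: sh nft-host-fw.sh [output-file] [port ...]
main() {
  out=${1:-/tmp/nftables.conf}
  [ "$#" -gt 0 ] && shift
  allow=${*:-22}
  gen_ruleset "$allow" > "$out"
  echo "wrote $out"
  if check_ruleset "$out"; then
    echo "$out parses cleanly"
  fi
  imperative_cmds "$allow"
  cat <<EOF
# to apply and persist (Debian/Ubuntu layout; other distros use another path):
sudo install -m 0644 $out /etc/nftables.conf
sudo nft -f /etc/nftables.conf
sudo systemctl enable --now nftables
EOF
}

# Run only when arguments are given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as sh nft-host-fw.sh /tmp/nftables.conf 22 443 to write the file and print the apply commands. The generated file opens every base chain with an explicit policy, which is the part the page's bare accept rule was missing: with policy drop the tcp dport rule decides what is reachable, while with the default accept policy it only counts packets.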
Conclusion
nftables is a powerful and flexible firewall technology used in many Linux distributions. By understanding the concepts and following the steps outlined in this guide, you will be well-prepared to implement and configure nftables in your Linux system. Remember to familiarize yourself with the specific commands, tables, chains, and rule syntax of nftables in your distribution.