Questions tagged [nftables]

nftables is a project providing packet filtering and packet classification on Linux.

It is intended to replace existing iptables, ip6tables, arptables and ebtables frameworks. nftables is a combination of a Linux kernel engine, and a userspace utility.

It utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks, connection tracking system, userspace queueing component, and logging subsystem. Also, there is a planned compatibility layer for the translation of already existing iptables firewall rules into their nftables equivalents.

Source: Wikipedia

19 questions

9 votes, 2 answers

Ubuntu 21.10 switched to nftables, so why is iptables still available?

According to 21.10 release notes: nftables is now the default backend for the firewall. However, having installed Ubuntu 21.10, I can see I still have iptables (and ufw) installed by default: m@m-VirtualBox:~$ whereis iptables iptables:…
gaazkam • 295

8 votes, 2 answers

Warning: iptables-legacy tables present

I have migrated my Ubuntu Focal server firewall backend from legacy iptables to netfilter, by running update-alternatives --set iptables /usr/sbin/iptables-nft and rebooting the server. Now all tables shown in iptables-legacy -S are empty, but when…
iBug • 1,859

4 votes, 1 answer

firewalld - No such file or directory

After upgrading from Ubuntu 20.04 to 20.10 I want to finally get started with firewalld instead of the old manual iptables approach, but all I get from the service is the following, which also breaks any network integration with Docker: Feb 13…
Ancoron • 161

4 votes, 0 answers

Completely disable IPTables

I have been playing around with switching to nftables (purely as a learning exercise). I have it all working perfectly except for the fact I have to manually unload iptable_nat from the kernel after a restart. What I have attempted so…
Sifr Moja • 171

3 votes, 3 answers

Where to get nftables?

As far as I understand the kernel facility nftables exists in the kernel that comes with Ubuntu 14.04. As is proven by the following two commands: # grep -E '(NF_TABLES|NFT_)' /boot/config-$(uname…
0xC0000022L • 5,870

3 votes, 2 answers

Can someone explain interactions between iptables, nftables and bpf?

I'm on Ubuntu 20.10 trying to do some routing config for my virtual network, and I'm confused about the interactions between the 3 main types of firewall technology used in modern Linux distros, namely: iptables nft netfilter bpf berkeley packet…
3 votes, 2 answers

Update from 20.04 to 20.10 - iptables not replaced with nftables

According to this article on itsfoss.com nftables should replace iptables after updating from 20.04 to 20.10. In my case not only is iptables still installed, but also nftables is missing. Does it imply that the update process has failed and there…
2 votes, 2 answers

NFTables and g(ufw)

I am going to install Xubuntu 22.04 on one of my computers and I have a question about the firewall. As I understand it, Ubuntu uses NFTables now. I have noticed some information about Debian (which is the base for Ubuntu) using NFTables now. And the Debian wiki…
2 votes, 1 answer

Best Practices for persisting nftables rules

I'm new to Ubuntu, having moved from hosting on CentOS 7, which was using iptables, and I was comfortable with how apf and bfd handled (hid) iptables from me... and it was working well. So, I've moved to Ubuntu (20.04 LTS) and the "ubuntu-way" to do…
2 votes, 1 answer

ufw-init errors out with Bad argument DROP

I don't know unfortunately when it stopped working, because I was using it as a fire and forget solution. Not so long ago I checked it with gufw and was stunned to realize my machine is naked. root@asus:/etc/ufw# dpkg -l | grep ufw ii gufw …
Csaba Toth • 1,498

1 vote, 1 answer

What are the use cases of "continue" verdict in the nftables?

It is described in the documentation of nftables as: continue Continue ruleset evaluation with the next rule. This is the default behaviour in case a rule issues no verdict. But I am curious as to what the use cases of continue might be
Noah5CE • 43

1 vote, 1 answer

Completely remove ufw, delete all iptables chains and rules, for a fresh start with nftables firewall in Ubuntu MATE 19.04

Though I have gone through quite a few threads on AskUbuntu (1, 2, 3), and elsewhere, I'm a little confused about how to proceed. I'd like to completely remove ufw, delete all iptables chains and rules, for a fresh start with nftables firewall in Ubuntu…
Jags • 2,235
0 votes, 0 answers

adding postrouting chain in nat table nftables

I have a problem setting the postrouting chain in the nat table in nftables. I have Ubuntu 22.04 LTS. I added table nat: nft add table ip nat I tried to add postrouting to this table: nft add chain ip nat postrouting { type nat hook postrouting priority…
0 votes, 0 answers

how do I make persistent changes to nft ruleset (ubuntu 24.04)

How should I make changes to the nft ruleset that persist over a reboot? I would have thought that editing /etc/nftables.conf would be one way to do this but, as far as I can tell, that file is not getting loaded on reboot. See below that just…
0 votes, 1 answer

nftables.conf - file permissions

After the plain installation of nftables (Ubuntu Server 22.04) the permissions of the /etc/nftables.conf file are set to 755 (-rwxr-xr-x). I cannot believe that it's necessary that anyone has read and execute rights. So: what are the correct minimum…
Shaun.M • 21