Questions tagged [nftables]

nftables is a project providing packet filtering and packet classification on Linux.

It is intended to replace existing iptables, ip6tables, arptables and ebtables frameworks. nftables is a combination of a Linux kernel engine, and a userspace utility.

It utilizes the building blocks of the Netfilter infrastructure, such as the existing hooks, connection tracking system, userspace queueing component, and logging subsystem. Also, there is a planned compatibility layer for the translation of already existing iptables firewall rules into their nftables equivalents.

Source: Wikipedia

16 questions
9 votes, 2 answers

Ubuntu 21.10 switched to nftables, so why is iptables still available?

According to 21.10 release notes: nftables is now the default backend for the firewall. However, having installed Ubuntu 21.10, I can see I still have iptables (and ufw) installed by default: m@m-VirtualBox:~$ whereis iptables iptables:…
gaazkam
7 votes, 2 answers

Warning: iptables-legacy tables present

I have migrated my Ubuntu Focal server firewall backend from legacy iptables to netfilter, by running update-alternatives --set iptables /usr/sbin/iptables-nft and rebooting the server. Now all tables shown in iptables-legacy -S are empty, but when…
iBug
3 votes, 3 answers

Where to get nftables?

As far as I understand the kernel facility nftables exists in the kernel that comes with Ubuntu 14.04. As is proven by the following two commands: # grep -E '(NF_TABLES|NFT_)' /boot/config-$(uname…
0xC0000022L
3 votes, 2 answers

Update from 20.04 to 20.10 - iptables not replaced with nftables

According to this article on itsfoss.com nftables should replace iptables after updating from 20.04 to 20.10. In my case not only is iptables still installed, but also nftables is missing. Does it imply that the update process has failed and there…
Łukasz Sypniewski
3 votes, 0 answers

Completely disable IPTables

I have been playing around with switching to nftables (purely as a learning exercise). I have it all working perfectly except for the fact I have to manually unload iptable_nat from the kernel after a restart. What I have attempted so…
2 votes, 1 answer

firewalld - No such file or directory

After upgrading from Ubuntu 20.04 to 20.10 I want to finally get started with firewalld instead of the old manual iptables approach, but all I get from the service is the following, which also breaks any network integration with Docker: Feb 13…
Ancoron
2 votes, 1 answer

ufw-init errors out with Bad argument DROP

I don't know unfortunately when it stopped working, because I was using it as a fire and forget solution. Not so long ago I checked it with gufw and was stunned to realize my machine is naked. root@asus:/etc/ufw# dpkg -l | grep ufw ii gufw …
Csaba Toth
1 vote, 1 answer

Best Practices for persisting nftables rules

I'm new to Ubuntu having moved from hosting on CentOS7 which was using iptables and I was comfortable with how apf and bfd handled (hid) iptables from me, and it was working well. So, I've moved to Ubuntu (20.04 LSR) and the "ubuntu-way" to do…
1 vote, 1 answer

Can someone explain interactions between iptables, nftables and bpf?

I'm on Ubuntu 20.10 trying to do some routing config for my virtual network, and I'm confused about the interactions between the 3 main types of firewall technology used in modern Linux distros, namely: iptables nft netfilter bpf berkeley packet…
AveryFreeman
1 vote, 1 answer

Completely remove ufw, delete all iptables chains and rules, for a fresh start with nftables firewall in Ubuntu MATE 19.04

Though I have gone through quite a few threads on AskUbuntu (1, 2, 3), and elsewhere, I'm a little confused on how to proceed. I'd like to completely remove ufw, delete all iptables chains and rules, for a fresh start with nftables firewall in Ubuntu…
Jags
0 votes, 1 answer

nftables.conf - file permissions

After the plain installation of nftables (Ubuntu Server 22.04) the permissions of the /etc/nftables.conf file are set to 755 (-rwxr-xr-x). I cannot believe that it's necessary that anyone has read and execute rights. So: what are the correct minimum…
Shaun.M
0 votes, 2 answers

NFTables and g(ufw)

I am going to install Xubuntu 22.04 on one of my computers and I have a question about the firewall. As I understand, Ubuntu uses NFTables now. I have noticed some information about Debian (which is the base for Ubuntu) using NFTables now. And Debian wiki…
SteelRat
0 votes, 1 answer

How do I configure persistent firewall settings in Ubuntu 22.04 LTS - confused about ufw, nfw and iptables(-nfw/-legacy)

TL;DR: how do I configure firewall rules to be persistent? I am not using UFW, I believe I am using iptables-nft. First, I have started from pretty recent vanilla Ubuntu 22.04LTS installation (some misc tools added) installed Docker using apt…
Janne Mattila
0 votes, 0 answers

Listening ports with service name

I'm looping in listening ports and when looping I want to get the exact service name of the ports for further activity. So how can I get the service name of the ports?
lee
0 votes, 2 answers

Translate the source address of all packets leaving a particular interface with nftables

I am running Ubuntu Server 18-04 VM on Zorin host. I am wanting to translate the source address of all packets leaving via enp0s3 to 192.168.1.120 with nftables. This is what I have done: apt install nftables modprobe nft_nat modprobe…
Jedi