Linux Networking & TCP/IP for Developers · Lesson

Advanced Firewall Rules (nftables)

Move beyond `iptables` to `nftables` for more flexible and powerful packet filtering and network address translation.

Meet nftables: The Modern Firewall

Welcome to nftables, the modern packet filtering framework for Linux! It's designed to be more flexible and easier to use than its predecessor, iptables.

While iptables uses separate tools for IPv4, IPv6, and bridging, nftables provides a unified syntax. This means you can manage all your firewall rules with a single command-line utility: nft.

Organizing with Families, Tables, Chains

nftables organizes rules into a clear hierarchy:

  • Families: Define the network layer (e.g., ip for IPv4, ip6 for IPv6, bridge for Layer 2, netdev for Layer 1/2).
  • Tables: Containers for chains, belonging to a specific family. You can have multiple tables.
  • Chains: Sequences of rules that packets are evaluated against. Chains can be "base chains" (entry points for kernel hooks) or "regular chains" (called by other chains).
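The hierarchy above as a loadable nft script, added here as an example rather than taken from the lesson. It uses the `inet` family (a real family not listed above, covering IPv4 and IPv6 in one table), one base chain per kernel hook, and a regular chain named `services` that the base chain reaches only via `jump`; the interface, ports and rate limits are illustrative choices.

```nft
#!/usr/sbin/nft -f
# Added example (not part of the lesson): a minimal host firewall.
# "inet" holds rules that apply to IPv4 and IPv6 alike.
flush ruleset

table inet filter {
    # Regular chain: no hook, only evaluated when another chain jumps to it.
    chain services {
        tcp dport 22 ct state new limit rate 10/minute accept comment "ssh, rate-limited"
        tcp dport { 80, 443 } accept comment "web"
    }

    # Base chain: attached to the kernel's input hook, so every inbound
    # packet destined for this host enters here. Default policy is drop.
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif lo accept

        # ICMP/ICMPv6 are needed for path MTU discovery and neighbour discovery
        meta l4proto { icmp, icmpv6 } accept

        # Hand off to the regular chain for per-service rules
        jump services

        # Record what the default policy is about to drop, rate-limited
        # so a flood cannot fill the log
        limit rate 5/minute log prefix "nft drop: " counter
    }

    # This host is not a router: refuse to forward anything
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
```

Validate the syntax without touching the live ruleset with `nft -c -f rules.nft`, then load it with `nft -f rules.nft` and confirm the result with `nft list ruleset`.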
