  • NFTables Part 2

    Introduction: This is a continuation of [NFTables part 1], which looked only at installation and basic concepts. This page looks in greater depth at a ruleset and the syntax of the rules it contains. Dissecting a Ruleset Script: #!/usr/sbin/nft -f flush ruleset define web = {http,https} define mail = {smtp,pop3,imap3,submission} define altssh = 22 define ftpports = {ftp,ftps} table inet...

  • NFTables Part 1

    Introduction: Iptables (and its sister ip6tables), or programs based upon it, have for many years been the standard firewall product for Linux machines. Its reign is coming to an end. Debian has announced that the next incarnation of its OS (Debian 10) will see its replacement by nftables. Current kernels already have the nftables engine powering their firewalls with iptables...