nftables basics

Introduction to nftables

nftables is a very powerful packet filtering framework, otherwise known as a firewall. In this tutorial I will introduce the most important mechanisms that will allow you to build your own firewall. The tutorial assumes you are running Debian 11 “Bullseye”. It will not work on earlier versions of Debian,...
Tags: ops sec

iptables vs nftables

Upgrade, or not yet

nftables will eventually replace iptables as the Linux kernel packet classification framework, more commonly referred to as ‘the firewall’. Both are still maintained, and will be for a while. So which one should you choose? Well, obviously, since nftables is replacing iptables, the answer is nftables, at least in the long run....
Tags: ops sec

Safe reload with nftables

Reducing the risk of getting locked out

As of Debian Buster the default packet filtering mechanism is nftables, replacing iptables. When using iptables I have always used the excellent Shorewall to help manage the firewall. Unfortunately Shorewall does not, and probably never will, support nftables. Nftables has a number of improvements over iptables including features which provide...
Tags: ops sec