nftables Beginner Examples
When migrating from iptables to nftables, the first things to do are to save your iptables rules and translate them into nftables rules. The commands you need are:
Save iptables rules to text file
iptables-save -c > iptables-saved-backup.txt
Translate iptables rules to nftables text file
iptables-restore-translate -f iptables-saved-backup.txt > ruleset.nft
Activate nftables rules
nft -f ruleset.nft
NOTE
You should remove/purge iptables or (as in one case) the server can lock up. On another server I experienced no problem having both installed (but only using nftables).
apt purge iptables
A simple example nftables input chain
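chain input {
    # No policy is given, so this base chain keeps the default policy (accept).
    type filter hook input priority 0;
    ct state established,related counter accept
    ct state invalid counter drop
    tcp dport {22, 80, 443} ct state new counter accept
    # my_ipv4_addrs and my_ipv6_addrs are named sets defined in the same table.
    ip saddr @my_ipv4_addrs counter accept
    ip6 saddr @my_ipv6_addrs counter accept
}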
List nftables Rules
nft list table filter
Flush nftables rules
nft flush ruleset
Save backup of nftables rules to file
nft list ruleset > /etc/nftables.rules
Test your nftables firewall with the following command
sudo -- sh -c 'nft -f /etc/nftables.conf; sleep 30; nft flush ruleset'
This activates the firewall and flushes the ruleset again after 30 seconds, so a mistake in the rules cannot lock you out of your server.
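
A variation on the timed test above, as an added example that is not part of the original page: it validates the file with nft -c first and, instead of flushing to an empty ruleset, restores the previously running ruleset unless you confirm. The function name try_ruleset, the NFT variable and the confirm-file path /run/nft-keep are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. The function name, the NFT
# variable and the confirm-file path are assumptions made for illustration.
NFT="${NFT:-nft}"

# try_ruleset FILE [SECONDS] [CONFIRM_FILE]
# Returns 0 = new ruleset kept, 1 = rolled back, 2 = rejected, nothing changed.
try_ruleset() {
    new="$1"
    timeout="${2:-30}"
    confirm="${3:-/run/nft-keep}"
    backup="$(mktemp)" || return 2

    # Snapshot the running ruleset. The leading "flush ruleset" makes loading
    # the snapshot replace the live rules instead of adding to them.
    { echo "flush ruleset"; $NFT list ruleset; } > "$backup" ||
        { rm -f "$backup"; return 2; }

    rm -f "$confirm"
    # Dry run: -c parses and validates the file without changing the kernel.
    # A real load (-f) is atomic, so a failure there also changes nothing.
    if ! $NFT -c -f "$new" || ! $NFT -f "$new"; then
        echo "ruleset rejected, nothing changed" >&2
        rm -f "$backup"
        return 2
    fi

    # Confirm from a NEW SSH session (touch the confirm file) to prove that
    # fresh connections still get through, not just the established one.
    echo "applied; run 'touch $confirm' within ${timeout}s to keep it" >&2
    sleep "$timeout"

    if [ -e "$confirm" ]; then
        rm -f "$confirm" "$backup"
        return 0
    fi
    echo "not confirmed, restoring previous ruleset" >&2
    $NFT -f "$backup"
    rm -f "$backup"
    return 1
}
```

Source the file as root and call, for example, try_ruleset /etc/nftables.conf 30.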