
Nftables

From dankwiki

Latest revision as of 06:49, 18 April 2024

nftables is the Linux kernel's successor to iptables and the rest of the xtables family (ip6tables, arptables, ebtables). The primary tool used to interact with it is nft. The most important difference from iptables is that nftables has a generic set and map infrastructure built in, including concatenated keys for multi-dimensional lookups, rather than bolting such things on as extension modules; the combination of IPv4 and IPv6 into the inet family, so that one table can carry rules for both, is most welcome.

The iptables tool can use an nftables backend. Typically the old backend is available as iptables-legacy, while the nftables-backed one can be explicitly invoked as iptables-nft (iptables -V reports which one you have, as "(legacy)" or "(nf_tables)"). Note, however, that iptables-nft only renders the ip and ip6 family tables that carry one of the legacy table names (filter, nat, mangle, raw, security); rules in an inet family table, or in a table that another tool created under its own name, are invisible to it. For instance, enabling the IPMasquerade option of systemd-networkd on a system with an nftables backend installs masquerade rules that do not appear in iptables-nft -t nat -L at all. It's thus best to get in the habit of using nft list ruleset, which dumps everything the kernel holds regardless of family or table name.
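As an added example (not code from the dankwiki page or from the nftables project), the following script puts the two points above together: an inet family ruleset that covers IPv4 and IPv6 in one table and uses named sets, and a small audit that reads nft list ruleset output and reports every table iptables-nft would fail to show. The interface name, addresses and ports in the ruleset, the sample listing, and the APPLY_RULESET variable are all assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the dankwiki page: a single inet-family ruleset that
# covers IPv4 and IPv6 and uses named sets, plus an audit of what iptables-nft
# would fail to show. Interface name, addresses and ports are assumptions.
set -eu

# Emit a constructed ruleset. It starts with `flush ruleset`, which wipes every
# table in the kernel, including ones installed by other tools.
emit_ruleset() {
    cat <<'EOF'
flush ruleset
table inet filter {
    # Blocked sources; "interval" lets elements be prefixes as well as hosts.
    set blocklist {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.7 }
    }
    # Services reachable from anywhere (assumed: SSH and HTTPS).
    set allowed_tcp {
        type inet_service
        elements = { 22, 443 }
    }
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        ip saddr @blocklist counter drop
        tcp dport @allowed_tcp accept
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}
EOF
}

# Read `nft list ruleset` output on stdin and print "family name" for every
# table iptables-nft cannot display: it only renders ip/ip6 tables carrying one
# of the legacy names, so inet-family tables and tables created under other
# names (as a tool like systemd-networkd does) are invisible to it.
hidden_from_iptables() {
    awk '$1 == "table" {
        fam = $2; name = $3
        legacy = (name == "filter" || name == "nat" || name == "mangle" ||
                  name == "raw" || name == "security")
        if (!((fam == "ip" || fam == "ip6") && legacy)) print fam, name
    }'
}

# Constructed sample standing in for `nft list ruleset` on a host where
# iptables-nft created ip/filter and a NAT table lives under a non-legacy name.
SAMPLE_LISTING='table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }
}
table ip io.systemd.nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" masquerade
    }
}
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
    }
}'

if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    # Real host: syntax-check the ruleset without applying it, then audit what
    # is actually in the kernel. Set APPLY_RULESET=1 (assumed name) to load it.
    emit_ruleset | nft -c -f -
    if [ "${APPLY_RULESET:-0}" = 1 ]; then
        emit_ruleset | nft -f -
    fi
    echo "tables iptables-nft would not show:"
    nft list ruleset | hidden_from_iptables
else
    # No nft or not root: run the audit on the constructed sample only.
    echo "tables iptables-nft would not show (sample):"
    printf '%s\n' "$SAMPLE_LISTING" | hidden_from_iptables
fi
```

Run the audit against a live box before loading anything: because the ruleset opens with flush ruleset, nft -f will silently discard whatever networkd or a container runtime put in its own tables, and iptables-nft -L would never have told you they were there.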

nft

nft is the nftables administration tool, replacing iptables and its siblings. nft list ruleset dumps everything the kernel currently holds, nft -f file loads a ruleset from a file as a single atomic transaction, and nft -c -f file checks the file without applying it.

See also