Check out my first novel, midnight's simulacra!
Nftables: Difference between revisions
No edit summary |
No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
nftables are the Linux kernel's successor to [[iptables]] | nftables are the Linux kernel's successor to [[iptables]], using xtables. The primary tool used to interact with nftables is <tt>nft</tt>. The most important difference between the two is that nftables introduces a multidimensional tree and generic set infrastructure; the combination of IPv4 and IPv6 into the ''inet'' family is most welcome. | ||
The <tt>iptables</tt> tool can use an nftables backend. Typically the old iptables backend is available via a tool named e.g. <tt>iptables-legacy</tt>, while the new one can often be explicitly invoked using <tt>iptables-nft</tt>. Note, however, that even <tt>iptables-nft</tt> will not necessarily show all nftables, depending on how they were configured (for instance, using the <tt>IPMasquerade</tt> option of <tt>systemd-networkd</tt> with an nftables backend will not result in anything visible using <tt>iptables-nft -t nat -L</tt>). It's thus best to get in the habit of using <tt>nft list ruleset</tt>. | |||
==<tt>nft</tt>== | |||
<tt>nft</tt> is the nftables administration tool, replacing <tt>iptables</tt>. | |||
==See also== | ==See also== | ||
* "[https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables Moving from iptables to nftables]" from the nftables wiki | * "[https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables Moving from iptables to nftables]" from the nftables wiki | ||
Latest revision as of 06:49, 18 April 2024
nftables are the Linux kernel's successor to iptables, using xtables. The primary tool used to interact with nftables is nft. The most important difference between the two is that nftables introduces a multidimensional tree and generic set infrastructure; the combination of IPv4 and IPv6 into the inet family is most welcome.
The iptables tool can use an nftables backend. Typically the old iptables backend is available via a tool named e.g. iptables-legacy, while the new one can often be explicitly invoked using iptables-nft. Note, however, that even iptables-nft will not necessarily show all nftables, depending on how they were configured (for instance, using the IPMasquerade option of systemd-networkd with an nftables backend will not result in anything visible using iptables-nft -t nat -L). It's thus best to get in the habit of using nft list ruleset.
nft
nft is the nftables administration tool, replacing iptables.
See also
- "Moving from iptables to nftables" from the nftables wiki
