Tool and Usage
Latest release: 0.8.3
nftables is the successor to iptables (and ip6tables, arptables and ebtables) as the interface to the Netfilter packet filtering framework in the Linux kernel; it does not replace Netfilter itself, but builds on it. It is available since Linux kernel 3.13. nftables was originally written by Patrick McHardy, a long-time member of the netfilter core team.
Why this tool?
Advantages of nftables over iptables are less code duplication in the kernel, better performance, and rules that are easier to manage. Instead of multiple utilities (iptables, ip6tables, arptables, and ebtables), everything is configured with one main utility named nft, and a single ruleset in the inet family can cover IPv4 and IPv6 at once.
How it works
nftables uses the existing building blocks of the Netfilter infrastructure, such as the existing hooks within the kernel (prerouting, input, forward, output, postrouting). These building blocks include subsystems like the networking stack, the connection tracking system, userspace queueing, and logging. A chain only sees traffic when it is attached to one of these hooks with a priority.
Usage and audience
nftables is commonly used for network traffic filtering. Target users for this tool are the general public and system administrators.
- Command line interface
- Support for IPv6
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
Supported operating systems
Nftables is known to work on Linux.
Similar tools to nftables:
The iptables tool is the userspace command line program of the netfilter project. Since Linux 2.4 it has been the standard packet filtering front end. Besides standard traffic filtering, it can be used for Network Address Translation (NAT).
Douane is an application firewall that interacts with the user to allow or deny new network connections.
Anti-DDOS is an open source software project developed to protect against DDoS attacks. The project consists of a shell script to set up iptables for traffic filtering. Additionally, it will configure kernel parameters to better withstand lots of network traffic.