LSE toolsLSE toolsnftables (163)nftables (163)

Tool and Usage

nftables is a subsystem of the Linux kernel to filter and classify network traffic and supposed to replace netfilter.


nftables is supposed to replace netfilter as the primary interface of network filtering. It is available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

Why this tool?

Advantages of nftables over Netfilter are less code duplication, better performance, and easier to manage the rules. Instead of multiple utilities (iptables, ip6tables, arptables, and ebtables), everything is now configured with just one main utility named nft.

How it works

nftables uses the existing building blocks of the Netfilter infrastructure, like the existing hooks within the kernel. These include subsystems like the networking stack, connection tracking system, userspace queueing, and logging.

Usage and audience

This tool is categorized as a Linux firewall and network traffic filtering tool.

nftables is commonly used for network traffic filtering. Target users for this tool are general public and system administrators.


  • nftables is written in C
  • Command line interface
  • Support for IPv6

Tool review

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available


Support operating systems

Nftables is known to work on Linux.

This tool page was recently updated. Found an improvement? Become an influencer and submit an update.
Project details
Latest release0.7 [2016-12-20]
Last updatedSept. 17, 2017

Project health

This score is calculated by different factors, like project age, last release date, etc.


 nftables project website
Twitter icon@nftables

nftables training guides

This tool is also part of the Linux Security Expert training program.

    Related terms