Tool and Usage
nftables is the packet filtering and classification framework of the Linux kernel and the successor to iptables (and its siblings ip6tables, arptables and ebtables). It is not a replacement for Netfilter itself: nftables is built on top of the Netfilter infrastructure and is developed by the same project. It has been part of the mainline kernel since 3.13 and was originally written by Patrick McHardy, a long-time Netfilter core developer.
Why this tool?
Advantages of nftables over iptables are less code duplication in the kernel, better performance, and simpler rule management. Instead of separate utilities (iptables, ip6tables, arptables and ebtables), everything is configured with one utility, nft. A single "inet" table can hold rules that apply to both IPv4 and IPv6, named sets and maps let one rule match many addresses or ports instead of repeating the rule per address, and a ruleset loaded from a file is applied atomically, so there is no window in which only part of the firewall is in place.
How it works
nftables reuses the existing building blocks of the Netfilter infrastructure: the hooks in the kernel networking stack (prerouting, input, forward, output, postrouting), the connection tracking system, userspace queueing and logging. What changes is the rule language and the in-kernel engine: nft compiles rules into a small bytecode that a kernel-side virtual machine evaluates, instead of matching packets through separate per-protocol extension modules as iptables does. A chain only sees traffic if it is explicitly attached to a hook with a "type ... hook ... priority ..." statement.
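As an added example that is not part of the original page or the nftables project, the script below generates a minimal stateful host firewall in nft syntax and, when nft is installed and the script runs as root, syntax-checks it with "nft -c -f" without loading it into the kernel. It shows the points above in practice: one "inet" table for IPv4 and IPv6, chains attached to the input/forward/output hooks with a default drop policy, and a named set used by the SSH rule. The table name "filter", the set name "admin_hosts", the addresses in it and the log prefix are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the page or the nftables project): generate a small
# stateful IPv4/IPv6 firewall ruleset for nft and, if possible, syntax-check it
# with `nft -c -f` (check only, nothing is loaded). Names such as the table
# "filter", the set "admin_hosts" and its addresses are illustrative.

# Print the ruleset to stdout. "inet" covers IPv4 and IPv6 in one table, which
# is the point of having one tool instead of iptables + ip6tables.
make_ruleset() {
    cat <<'EOF'
flush ruleset

table inet filter {
    # Named set: rules reference it instead of repeating addresses
    # (addresses are RFC 5737 documentation space, chosen for the example).
    set admin_hosts {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        # "hook input" attaches this chain to the Netfilter input hook;
        # without a hook statement a chain never sees traffic.
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip saddr @admin_hosts tcp dport 22 accept
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
        counter log prefix "nft-drop: " drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}
EOF
}

# Count how many chains in the generated ruleset attach to a kernel hook.
count_hooked_chains() {
    make_ruleset | grep -c 'type filter hook'
}

# Syntax-check the ruleset with nft without touching the live kernel state
# (-c = check only). Skips, returning 0, when nft is missing or we are not root.
check_ruleset() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not installed; skipping syntax check" >&2
        return 0
    fi
    if [ "$(id -u)" -ne 0 ]; then
        echo "not root; skipping syntax check" >&2
        return 0
    fi
    tmp=$(mktemp) || return 1
    make_ruleset > "$tmp"
    nft -c -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage: `sh nft-example.sh print > firewall.nft` writes the ruleset;
# any other invocation runs the check-only pass.
if [ "${1:-}" = "print" ]; then
    make_ruleset
else
    check_ruleset
fi
```

To activate the generated file on a host, `nft -f firewall.nft` loads it in one atomic transaction; the leading "flush ruleset" replaces whatever was there before, so review it on a console rather than over the SSH session it might cut off. The "-c" flag needs a reasonably recent nft; the 0.7 release listed below predates it.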
Usage and audience
nftables is commonly used for host firewalls, routers and packet classification. Target users for this tool are system administrators and anyone running a Linux host exposed to a network.
- Written in C
- Command line interface (nft)
- Support for IPv6
- The source code of this software is available
Supported operating systems
nftables is known to work on Linux. As it is part of the kernel, it is Linux-only.
Latest release: 0.7 (2016-12-20)
Last updated: Sept. 17, 2017
|nftables project website|
nftables training guides
This tool is also part of the Linux Security Expert training program.