nftables

Tool and Usage

Project details

License
GPLv2
Programming language
C
Latest release
0.8.3
Latest release date

Project health

67
This score is calculated by different factors, like project age, last release date, etc.

Introduction

nftables is intended to replace netfilter as the primary interface for network filtering. It has been available since Linux kernel 3.13. Both netfilter and nftables have been co-authored by Patrick McHardy.

Why this tool?

Advantages of nftables over Netfilter are less code duplication, better performance, and rules that are easier to manage. Instead of multiple utilities (iptables, ip6tables, arptables, and ebtables), everything is now configured with just one main utility named nft.

How it works

nftables uses the existing building blocks of the Netfilter infrastructure, like the existing hooks within the kernel. These include subsystems like the networking stack, connection tracking system, userspace queueing, and logging.

Usage and audience

nftables is commonly used for network traffic filtering. Target users for this tool are the general public and system administrators.

Features

  • Command line interface
  • Support for IPv6

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + The source code of this software is available

Installation

Supported operating systems

Nftables is known to work on Linux.

nftables alternatives

Similar tools to nftables:

67

iptables

The iptables tool is the userspace command-line program of the netfilter project. Since Linux 2.4 it has been the standard packet filtering engine. Besides standard traffic filtering, it can be used for Network Address Translation (NAT).

81

Douane

Douane is an application firewall that interacts with the user to allow or deny new network connections.

60

Anti-DDOS

Anti-DDOS is an open source software project developed to protect against DDoS attacks. The project consists of a shell script to set up iptables for traffic filtering. Additionally, it will configure kernel parameters to better withstand lots of network traffic.


Related tool information

Categories

This tool is categorized as a Linux firewall and network traffic filtering tool.
