Questions tagged [nftables]
172 questions
nftables: packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks
10 votes, 2 answers
What is the difference between "iifname" and "iif" in nftables?
https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Meta
Is there any difference between iifname (other than the name being a string) and iif, and which is recommended?
mvorisek
7 votes, 1 answer
Change policy with nftables on command line
With iptables I can change, for example, the INPUT policy to drop with iptables -P INPUT DROP. Is there any option to do the same with nft?
Editing /etc/nftables.conf would work of course but that is not what I want.
Hannes
6 votes, 3 answers
How to redirect requests on port 80 to localhost:3000 using nftables?
I would like for network traffic that arrives on 192.168.0.1:80 to be redirected to 127.0.0.1:3000. And, I would like the mapping of the response to be handled as well. My complete NAT and Filter table rules are pasted below.
I am able to receive…
stackhatter
5 votes, 1 answer
Fail2ban with nftables and IPv6
EDIT: added an additional .conf file and slightly changed the wording as suggested by Marco
I'm running Fail2ban v0.10 which is supposed to support IPv6.
I've set up Fail2ban with nftables according to these instructions, with the exception that I used…
Didier
5 votes, 1 answer
Transparent firewall with nftables and VLANs
I want to ask for best-practice advice on a transparent firewall build.
I have 2 network segments and a CentOS server with 2 10G interfaces.
I want to filter/monitor/limit/drop traffic between segments.
Traffic is tagged.
Should I untag traffic…
Severgun
5 votes, 1 answer
Where are nftables counters logged/stored, and how long do they persist?
I'm attempting to track the total data being transmitted from a specific set of IP addresses (both IPv4 and IPv6) using nftables with a named counter on the rule. My goal is to be able to track this total over the course of a calendar month so I can…
oucil
4 votes, 1 answer
Viewing NAT connections with nftables
How do I track outgoing NAT connections with nftables?
I just need to look at NAT stats: which output addresses are used more or less.
root@nat-1:~# nft list table nat
table ip nat {
chain post {
type nat hook postrouting priority 100;…
Tomato
4 votes, 1 answer
How do you set a max connection limit with nftables?
I'm looking to limit the number of concurrent connections to a given service running on a Linux server. My understanding is that this can be done in iptables using the connlimit module. So for example, if I wanted to limit concurrent connections to…
PeterM
4 votes, 1 answer
Migration of ebtables arp rule to nftables
I'd like to move to nftables (Ubuntu trusty, kernel 3.19). However I wonder how to migrate ebtables rules for ARP packets:
-p ARP --arp-op Request --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
The command nft add rule…
gucki
4 votes, 1 answer
iptables - use service name or port number, IP-address or hostname?
iptables (and/or the successor tool nftables) is the user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, which is implemented as different Netfilter modules. (summary…
HBruijn
4 votes, 1 answer
CentOS 8 as NAT router with nft and firewalld - how to get it to pass TFTP?
I am trying to set up PXE booting (which requires TFTP) on one of my networks that is hiding behind a NAT router.
My question is similar to many others around the 'Net, but all the answers I found applied to CentOS 7 with iptables. I need to do…
Kevin Keane
4 votes, 0 answers
IPsets in FirewallD with Nftables backend
I upgraded my server to Fedora 32. Firewalld has switched the backend to Nftables.
My setup is pretty simple. Just HTTP, HTTPS, SSH, SMTP ports open and multiple IPsets (IPv4, IPv6) to block a preset list of IP addresses. Earlier I used to do…
user213598
3 votes, 1 answer
Bridge + nftables: How to redirect incoming HTTP/HTTPS traffic to local port 8080?
I have set up a bridge and would like to redirect HTTP/HTTPS traffic traversing it to a local port (8080) so that I can further process it using mitmproxy.
So far I was using a combination of ebtables & iptables rules. Unfortunately, I had to learn…
Tobias
3 votes, 1 answer
How to drop packets based on a probability with nftables?
iptables has the statistic module that allows doing operations on packets based on a probability; how would I go about doing this with nftables?
Avamander
3 votes, 1 answer
How to match reqid in nftables?
It seems Linux already has a module for nftables, nf_xfrm, which contains some code about reqid; however, there is no description of it in the man page.
So, how to translate the following command to nftables?
iptables -D FORWARD -s 10.0.0.1/32 -i…
user762750