\n<\/p>\n
In the world of Linux, firewalls play a crucial role in protecting systems from potential threats. While the traditional <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n \n<\/ol>\n <\/p>\n <\/p>\n Before we proceed with the setup, ensure you have:<\/p>\n <\/p>\n <\/p>\n \n<\/ul>\n <\/p>\n <\/p>\n On most modern Linux distributions, <\/p>\n For Debian\/Ubuntu<\/strong>:<\/p>\n <\/p>\n <\/p>\n For Fedora<\/strong>:<\/p>\n <\/p>\n <\/p>\n For CentOS\/RHEL<\/strong>:<\/p>\n <\/p>\n <\/p>\n Once installed, enable and start the <\/p>\n <\/p>\n <\/p>\n Nftables rules are organized into tables, chains, and rules. Here’s a brief overview:<\/p>\n <\/p>\n <\/p>\n <\/p>\n \n<\/ul>\n <\/p>\n The commands to manage <\/p>\n <\/p>\n Let’s create a basic ruleset to control incoming and outgoing traffic.<\/p>\n <\/p>\n Create a New Ruleset File:<\/strong><\/p>\n <\/p>\n Start by creating a new file, e.g., <\/p>\n \n<\/li>\n <\/p>\n Define the Ruleset:<\/strong><\/p>\n <\/p>\n Here’s a simple configuration to allow established connections and block everything else:<\/p>\n <\/p>\n \n<\/li>\n <\/p>\niptables<\/code> has served well over the years, nftables<\/code> is the new standard for packet filtering and firewall management in Linux. It’s designed to simplify the process of creating and managing firewall rules, offering enhanced performance and usability. In this guide, we’ll walk you through the process of mastering nftables<\/code> and setting up a robust firewall for your Linux server.<\/p>\nWhat is Nftables?<\/h2>\n
nftables<\/code> is the successor to iptables<\/code>, providing a single framework to handle both IPv4 and IPv6 packets as well as ARP. It introduces a new command-line interface and uses a more efficient data structure that results in better performance and easier management. Additionally, it allows you to create complex rule sets in a more straightforward way compared to its predecessors.<\/p>\nWhy Use Nftables?<\/h2>\n
<\/p>\n
nftables<\/code> reduces the complexity of managing rules.<\/li>\nPrerequisites<\/h2>\n
<\/p>\n
Step 1: Installing Nftables<\/h2>\n
nftables<\/code> comes pre-installed. However, if it’s not installed, you can easily set it up using your package manager.<\/p>\nsudo apt update
\nsudo apt install nftables<\/code><\/pre>\nsudo dnf install nftables<\/code><\/pre>\nsudo yum install nftables<\/code><\/pre>\nnftables<\/code> service:<\/p>\nsudo systemctl enable nftables
\nsudo systemctl start nftables<\/code><\/pre>\nStep 2: Understanding Nftables Configuration<\/h2>\n
<\/p>\n
nftables<\/code> follow this structure. <\/p>\nStep 3: Creating Your First Nftables Ruleset<\/h2>\n
<\/p>\n
\/etc\/nftables.conf<\/code>.<\/p>\nsudo nano \/etc\/nftables.conf<\/code><\/pre>\n#!\/usr\/sbin\/nft -f
\n
\ntable inet filter {
\n chain input {
\n type filter hook input priority 0; policy drop;
\n iif \"lo\" accept # Allow loopback traffic
\n ct state established,related accept # Allow established traffic
\n ip saddr 192.168.1.0\/24 accept # Allow local network
\n tcp dport ssh accept # Allow SSH
\n tcp dport http accept # Allow HTTP
\n tcp dport https accept # Allow HTTPS
\n }
\n
\n chain output {
\n type filter hook output priority 0; policy accept; # Allow all outgoing traffic
\n }
\n}<\/code><\/pre>\n