Questions tagged [nftables]

Packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks.

219 questions
12 votes, 2 answers

What is the difference between "iifname" and "iif" in nftables?

https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Meta Is there any difference between iifname (apart from the name being a string) and iif, and which is recommended?
mvorisek
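The distinction the question asks about, shown in ruleset form as an added example that is not part of the original post or the wiki page it links to (the table name, interface names and ports are assumed):

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post); interface names are assumed.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # iif resolves "eth0" to its interface index once, when this file is
        # loaded. The per-packet match is an integer compare (cheapest), but
        # loading fails if eth0 does not exist yet, and the rule silently
        # stops matching if eth0 is deleted and re-created with a new index
        # (USB NICs, VPN tunnels, container veths).
        iif "eth0" ct state established,related accept

        # iifname compares the interface name string on every packet. A bit
        # more work per packet, but it keeps working for interfaces that
        # appear later or are recreated, and recent nft accepts wildcards.
        iifname "wg*" udp dport 53 accept
        iifname "lo" accept
    }
}
```

Load with nft -f (nft -c -f only checks the file without committing it). Rule of thumb: iifname for anything dynamic (tunnels, hot-plugged or containerised interfaces, rules loaded before the NIC is up), iif for fixed interfaces where the cheapest match matters.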
9 votes, 1 answer

Change policy with nftables on command line

With iptables I can change, for example, the INPUT policy to drop with iptables -P INPUT DROP. Is there any option to do the same with nft? Editing /etc/nftables.conf would work, of course, but that is not what I want.
Hannes
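One way to flip a base chain's policy without touching /etc/nftables.conf, as an added example that is not from the original post. It assumes an existing base chain "input" in table "inet filter"; the same statements can be typed directly as nft add chain inet filter input '{ policy drop; }' (quoted for the shell) or piped into nft -f -:

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Assumes an existing base chain
# "input" in table "inet filter"; adjust names to your ruleset.

# Everything in one nft -f run is applied atomically: either all of it lands
# or none of it does. Put the allow rules in the same transaction that
# flips the policy, so there is no window in which SSH is cut off.
add rule inet filter input ct state established,related accept
add rule inet filter input iif "lo" accept
add rule inet filter input tcp dport 22 ct state new accept

# Re-adding an existing base chain with only a policy block changes the
# policy in place; the chain's rules, hook and priority are untouched.
add chain inet filter input { policy drop; }
```

Verify with nft list chain inet filter input; the first line of the output shows the active policy.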
7 votes, 3 answers

How to redirect requests on port 80 to localhost:3000 using nftables?

I would like for network traffic that arrives on 192.168.0.1:80 to be redirected to 127.0.0.1:3000. And, I would like the mapping of the response to be handled as well. My complete NAT and Filter table rules are pasted below. I am able to receive…
stackhatter
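A complete NAT plus filter ruleset for the 192.168.0.1:80 to 127.0.0.1:3000 mapping, as an added example rather than the poster's own tables. The address and ports follow the question; the interface name "eth0" and the table names are assumed:

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's ruleset. Table names and the interface
# "eth0" are assumed; 192.168.0.1:80 -> 127.0.0.1:3000 follows the question.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # DNAT to a loopback address from the prerouting hook only works if
        # the kernel may route to 127/8 on the ingress interface:
        #   sysctl -w net.ipv4.conf.eth0.route_localnet=1
        # Keep the match narrow so that sysctl only ever benefits port 80.
        # Alternative without the sysctl: "redirect to :3000", which instead
        # rewrites the destination to eth0's own address (192.168.0.1), so
        # the service must then listen there rather than on 127.0.0.1 only.
        iif "eth0" ip daddr 192.168.0.1 tcp dport 80 dnat to 127.0.0.1:3000
    }
    chain output {
        type nat hook output priority -100;
        # Same mapping for connections the host opens to itself; no sysctl
        # is needed here because the packet never leaves the loopback path.
        ip daddr 192.168.0.1 tcp dport 80 dnat to 127.0.0.1:3000
    }
}

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        # NAT runs before the filter hook, so this chain sees the rewritten
        # destination: allow port 3000, not 80. Replies are un-NATed by
        # conntrack on the way out; nothing extra is needed for them.
        iif "eth0" tcp dport 3000 ct state new accept
    }
}
```

The usual reason "nothing arrives" after adding the NAT rule is the filter chain still allowing only dport 80: by the time the input hook runs, the destination port is already 3000.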
6 votes, 4 answers

How can I log packets dropped by policy in nftables?

I have a policy to drop packets in the input chain:
chain input { type filter hook input priority 0; policy drop;
How can I log just these dropped packets?
mauricev
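The standard pattern, as an added example (only the chain header comes from the question; the table name and the accept rules are assumed): a non-terminating log rule placed last, so that the only packets reaching it are the ones the policy is about to drop.

```nft
#!/usr/sbin/nft -f
# Added example, not the asker's full ruleset. The table name "inet filter"
# and the accept rules are assumed.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
        tcp dport 22 ct state new accept

        # Last rule: whatever reaches it is exactly what the policy drops.
        # "log" is non-terminating, so the packet falls through to the policy
        # afterwards. The limit keeps a flood from filling the journal, and
        # "counter" sits before it so every dropped packet is still counted,
        # logged or not.
        counter limit rate 10/minute burst 20 packets log prefix "nft input drop: " level info
    }
}
```

Messages land in the kernel log (journalctl -k or dmesg). For structured logging via ulogd, replace "prefix ... level info" with "group 1" and read the nflog group from userspace.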
5 votes, 1 answer

Bridge + nftables: How to redirect incoming HTTP/HTTPS traffic to local port 8080?

I have set up a bridge and would like to redirect HTTP/HTTPS traffic traversing it to a local port (8080) so that I can further process it using mitmproxy. So far I was using a combination of ebtables & iptables rules. Unfortunately, I had to learn…
Tobias
5 votes, 1 answer

How do you set a max connection limit with nftables?

I'm looking to limit the number of concurrent connections to a given service running on a Linux server. My understanding is that this can be done in iptables using the connlimit module. So for example, if I wanted to limit concurrent connections to…
PeterM
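The nftables equivalent of iptables connlimit, as an added example that is not from the original post: a dynamic set keyed by source address, with "ct count" doing the per-address accounting. Table and set names, the port and the limit are assumed; "ct count" needs Linux 4.18 or newer and nftables 0.9 or newer.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Names, port and limit are
# assumed. Requires "ct count" (Linux 4.18+, nftables 0.9+).
table inet filter {
    # Dynamic set: an entry per source address is created automatically on
    # its first new connection, and "ct count" tracks that address's live
    # conntrack entries. Entries are garbage-collected when their count
    # drops to zero.
    set conn_per_src {
        type ipv4_addr
        size 65535
        flags dynamic
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept

        # iptables equivalent:
        #   -p tcp --dport 22 -m connlimit --connlimit-above 10 -j REJECT
        # "add @set { key ct count over N }" is true only when the element's
        # counter exceeds N, so this rejects the 11th concurrent connection
        # from one address. "ip saddr" limits this to IPv4; add a matching
        # ipv6_addr set and rule for IPv6 clients.
        tcp dport 22 ct state new add @conn_per_src { ip saddr ct count over 10 } counter reject with tcp reset

        tcp dport 22 ct state new accept
    }
}
```

nft list set inet filter conn_per_src shows the addresses currently being tracked; the counter on the reject rule tells you how often the limit has actually fired.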
5 votes, 1 answer

Fail2ban with nftables and IPv6

EDIT: added an additional .conf file and slightly changed the wording as suggested by Marco. I'm running Fail2ban v0.10, which is supposed to support IPv6. I've set up Fail2ban with nftables according to these instructions, with the exception that I used…
Didier
5 votes, 1 answer

Transparent firewall with nftables and VLANs

I want to ask you for best-practice advice on a transparent firewall build. I have 2 network segments and a CentOS server with 2 10G interfaces. I want to filter/monitor/limit/drop traffic between the segments. Traffic is tagged. Should I untag the traffic…
Severgun
5 votes, 2 answers

PREROUTING distinguish between INPUT and FORWARD packets

I'd like to do an iptables REDIRECT rule in the NAT PREROUTING chain, to redirect connections to port 80 to go to 8080. But I'd like to only do it for input packets (destined for this machine), not forwarded packets (destined for e.g. the…
Craig McQueen
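In nftables the prerouting hook can ask the routing subsystem whether the destination is one of the host's own addresses, which is exactly the INPUT-versus-FORWARD distinction the question needs. Added example, not from the original post; the table name is assumed and "fib" needs Linux 4.10 or newer:

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Table name assumed; the fib
# expression requires Linux 4.10+.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # "fib daddr type local" is true only when the destination address
        # belongs to this host, i.e. the packet will take the INPUT path.
        # Forwarded traffic (destination elsewhere) does not match and is
        # left untouched, so only the local web service is remapped.
        fib daddr type local tcp dport 80 redirect to :8080

        # Optional visibility: count the port-80 traffic that was forwarded
        # rather than redirected, to confirm the split behaves as intended.
        fib daddr type != local tcp dport 80 counter
    }
}
```

With iptables the same effect needed an interface or address match per rule; the fib lookup follows the routing table, so it stays correct when addresses are added or moved.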
5 votes, 1 answer

iptables - use service name or port number, IP-address or hostname?

iptables (and/or the successor tool nftables) is the user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, which is implemented as different Netfilter modules. (summary…
HBruijn
5 votes, 1 answer

Where are nftables counters logged/stored, and how long do they persist?

I'm attempting to track the total data being transmitted from a specific set of IP addresses (both IPv4 and IPv6) using nftables with a named counter on the rule. My goal is to be able to track this total over the course of a calendar month so I can…
oucil
4 votes, 1 answer

Viewing NAT connections with nftables

How do I track outgoing NAT connections with nftables? I just need to look at NAT stats: which output addresses are used more or less.
root@nat-1:~# nft list table nat
table ip nat { chain post { type nat hook postrouting priority 100;…
Tomato
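One ruleset serves both the counter question (where counters live and how long they last) and the NAT-statistics question above it. Added example, not from either post: named counters attached to each SNAT rule. The interface, the internal ranges and the two public addresses (RFC 5737 documentation space) are constructed.

```nft
#!/usr/sbin/nft -f
# Added example covering the named-counter and NAT-statistics questions;
# not from either post. Interface, ranges and addresses are constructed.
table ip nat {
    # Named counters are kernel objects in memory: they survive rules being
    # added or deleted around them, but not a reboot, "nft flush ruleset"
    # or deleting the table. Nothing is ever written to disk, so a periodic
    # job has to read them and store the numbers elsewhere.
    counter snat_via_203_0_113_10 { }
    counter snat_via_203_0_113_11 { }

    chain postrouting {
        type nat hook postrouting priority 100;
        # Each SNAT rule charges its own counter, so the two objects tell you
        # how many packets/bytes left through each public address.
        oif "eth0" ip saddr 10.0.0.0/25   counter name "snat_via_203_0_113_10" snat to 203.0.113.10
        oif "eth0" ip saddr 10.0.0.128/25 counter name "snat_via_203_0_113_11" snat to 203.0.113.11
    }
}
```

Read them with nft list counters (or nft list counter ip nat snat_via_203_0_113_10 for one); for a monthly total, have the job run nft -j reset counters table ip nat, which prints the values as JSON and zeroes them in one step, then add the deltas up in whatever store you keep. An anonymous "counter" inside a rule works the same way and shows up in nft list ruleset, it just cannot be reset individually by name. For the live translated flows themselves (as opposed to totals), conntrack -L from conntrack-tools lists the conntrack table with both original and reply tuples.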
4 votes, 2 answers

How should nftables rules using hostnames be rewritten to deal with multiple addresses?

I have this nftables rule:
ip daddr { "0.nixos.pool.ntp.org", "1.nixos.pool.ntp.org", "2.nixos.pool.ntp.org", "3.nixos.pool.ntp.org" } udp dport ntp accept comment "Allow NTP traffic for system time"
The goal is to allow NTP traffic from a host…
Jean-Paul Calderone
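nft resolves a hostname once, while the ruleset is being loaded, refuses a name that resolves to more than one address, and never re-resolves afterwards, which is why pool names do not belong in a rule. The usual rewrite keeps the rule static and feeds addresses into a named set from outside. Added example, not the poster's ruleset: the table and set names are assumed, and the addresses pushed in at the end are constructed placeholders from RFC 5737 space, not real pool members.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's ruleset. Set/table names assumed; the
# addresses at the bottom are constructed placeholders (RFC 5737).
table inet filter {
    # Empty at load time: no DNS lookup happens while the ruleset loads, so
    # it loads identically whether or not name resolution works yet (early
    # boot, DNS itself blocked by this firewall, and so on).
    set ntp_servers {
        type ipv4_addr
    }

    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif "lo" accept
        udp dport 123 ip daddr @ntp_servers accept comment "Allow NTP traffic for system time"
    }
}

# A periodic job (cron or a systemd timer) resolves each pool name with a
# resolver you trust (getent ahosts, dig +short) and replaces the members.
# Both statements run in one atomic transaction, so the set is never empty
# from the packet path's point of view. Constructed addresses:
flush set inet filter ntp_servers
add element inet filter ntp_servers { 192.0.2.10, 192.0.2.11, 198.51.100.7 }
```

In production the job runs only the last two statements (with the real lookup results) against the already-loaded table. Pool names also return IPv6 records, so a second set of type ipv6_addr with an "ip6 daddr @..." rule is needed for those. Because pool membership rotates, the refresh interval bounds how stale the allow-list can get; the addresses in the set, not the names, are what the firewall actually trusts.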
4 votes, 1 answer

How to define port range in nftables

I want to open a range of TCP ports in nftables on my servers. Normally, in netfilter/iptables I can write the rule like this:
iptables -A INPUT -p tcp --dport 1000:2000 -j ACCEPT
I tried to write it the same way in /etc/nftables.conf:
tcp dport {1000:2000}…
Lamnk
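The three ways to express a port range in nftables, as an added example that is not from the original post (the table name and the ports other than 1000-2000 are assumed). The key difference from iptables is the separator: nft writes a range as 1000-2000, and "1000:2000" is a syntax error.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's config. Table name and extra ports assumed.
table inet filter {
    # A named set that holds ranges must be declared with "flags interval";
    # without it nft rejects the 1000-2000 element at load time.
    set app_ports {
        type inet_service
        flags interval
        elements = { 1000-2000, 8443 }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept

        # 1) Bare range: "-" not ":", and no braces needed.
        tcp dport 1000-2000 accept

        # 2) Anonymous set mixing ranges and single ports; nft flags it as an
        #    interval set automatically.
        tcp dport { 3000-3100, 8080 } accept

        # 3) Named set, reusable from several rules and editable at runtime
        #    with "nft add element inet filter app_ports { 9000-9010 }".
        tcp dport @app_ports accept
    }
}
```

Check the file with nft -c -f before loading; the error for a missing interval flag names the offending element, so it is easy to spot.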
4 votes, 1 answer

Migration of ebtables arp rule to nftables

I'd like to move to nftables (Ubuntu trusty, kernel 3.19). However, I wonder how to migrate ebtables rules for ARP packets:
-p ARP --arp-op Request --arp-ip-src 192.168.178.237 --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
The command nft add rule…
gucki
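The ebtables rule from the question written in nft's arp family, as an added example that is not the poster's command. The operation, IP and MAC follow the question (nft wants two hex digits per MAC octet, hence 02:...). Assumptions: the original chain had a DROP default, and the rule protected the host's own ARP input; a current nft binary is assumed, since a kernel as old as 3.19 may not support every expression used here.

```nft
#!/usr/sbin/nft -f
# Added example, not the poster's command. Values follow the ebtables rule
# in the question; "policy drop" mirrors an assumed DROP default.
table arp filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # ebtables: -p ARP --arp-op Request --arp-ip-src 192.168.178.237
        #                  --arp-mac-src 2:fb:c5:e0:ef:a3 -j ACCEPT
        arp operation request arp saddr ip 192.168.178.237 arp saddr ether 02:fb:c5:e0:ef:a3 accept

        # Replies still have to come in, or this host can no longer resolve
        # its own peers once the policy is drop.
        arp operation reply accept
    }
}
```

The arp family only has input and output hooks, i.e. it filters ARP to and from this host. If the ebtables rule lived in a bridge's FORWARD chain, the same match goes into a "table bridge" forward chain instead; nft adds the "ether type arp" dependency itself, so the arp expressions read the same there. nft list table arp filter shows the loaded rule with the MAC normalised.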