Questions tagged [nftables]

Packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks.

219 questions
4 votes, 1 answer

CentOS 8 as NAT router with nft and firewalld - how to get it to pass TFTP?

I am trying to set up PXE booting (which requires TFTP) on one of my networks that is hiding behind a NAT router. My question is similar to many others around the 'Net, but all the answers I found applied to CentOS 7 with iptables. I need to do…
Kevin Keane
4 votes, 0 answers

IPsets in FirewallD with Nftables backend

I upgraded my server to Fedora 32. Firewalld has switched the backend to Nftables. My setup is pretty simple. Just HTTP, HTTPS, SSH, SMTP ports open and multiple IPsets (IPv4, IPv6) to block a preset list of IP addresses. Earlier I used to do…
user213598
3 votes, 1 answer

Migrating from libvirt + iptables to libvirt + nftables

I'm about to migrate a Debian Stretch host using qemu-kvm to Debian Buster. I've seen people complaining on the Internet about issues due to nftables becoming default in place of iptables and libvirt using iptables rules. Rules automatically written…
Jérôme
3 votes, 1 answer

Nftables cannot process any commands

After updating from Stretch to Buster and moving from iptables to nftables, the nft command doesn't process any given command except for list, which doesn't print anything. The input nft flush ruleset prints: Error: Could not process rule: Invalid…
3 votes, 1 answer

How to flush and restore nftables rules from /etc/nftables.conf?

For iptables I used to run iptables-restore < /etc/iptables/rules.v4 which would flush rules and restore them from /etc/iptables/rules.v4. For nftables, I found nft -f /etc/nftables.conf, but the rules are not flushed* prior to restoring them from…
sunknudsen
3 votes, 1 answer

How to drop packets based on a probability with nftables?

iptables has the statistic module that allows doing operations on packets based on a probability, how would I go about and do this with nftables?
Avamander
3 votes, 1 answer

How to match reqid in nftables?

It seems linux already has a module for nftables nf_xfrm, which contains some code about reqid, however there is no description about it in man page. So, how to translate the following command to nftables? iptables -D FORWARD -s 10.0.0.1/32 -i…
user762750
3 votes, 0 answers

Getting NATed traffic returned back to the right interface

On a custom board (running a 4.x kernel), I have two physical ethernet interfaces and one radio modem that gives me a ppp-interface. iproute2 has been installed, and I am using nftables (not iptables). My issue is that I want to forward specific UDP…
mroek
3 votes, 1 answer

nftable rules get invalidated on reconnect (VDSL, ppp0)

I'm rebuilding my router using nftables on debian jessie. I have a working setup up to the moment where my ISP decides to reassign a new WAN IP by reconnecting my DSL-link. After such a reconnect the router itself has an online connection, but…
3 votes, 2 answers

Drop fragmented packets in nftables

Using iptables it is possible to block fragmented packets with this rule: iptables -A INPUT -f -j DROP But there isn't an equivalent in nftables. Is there any way to do it?
rfmoz
3 votes, 2 answers

nftables alternative for iptables -F

Simply, is there any quick alternative of iptables -F command (that just "deletes everything") for nftables? Such thing wouldn't have much theoretical purposes, but it's usually a lifesaver for administration of bad/gone-wrong setups.
exa
3 votes, 2 answers

NFTABLE issue: IPv6 does not behave like IPv4 with mirror config

I have an issue with IPv6 on my server. I have nginx configured to listen on port 443 from IPv4 and IPv6. And it works great: my website is available from the Internet with TLS enabled. Things get complicated when I activate nftables: when I am…
Ricain
3 votes, 1 answer

iptables/nftables: how to exclude all forwarded traffic from connection tracking on a router?

A Linux box has multiple network interfaces. IP forwarding is enabled for IPv4 and IPv6. I would like to protect the services running on the router itself via a stateful firewall. For that, connection tracking needs to be enabled. At the same time,…
Sven
3 votes, 1 answer

configure my linux as a router, how do I enable port forwarding with nftables?

I'm trying to configure my Gentoo Linux as a router. This is my configuration so far. WAN NIC is enp3s0 and LAN NIC is enp1s0f0 accepting connections to ICMP, tcp ports 53, 22, 80, 443, 445, 5900 and udp ports 53,67,68 from LAN accepting connection…
ufk
3 votes, 2 answers

Debian 10: How can I disable nftables and continue to use IPTables only?

I just installed a new Debian 10 and realized that both nftables and iptables are active and somehow my IPTables rules get mixed up and don't work properly. How can I completely disable nftables and use IPTables-only instead?
manifestor