Loading Configurations from a File

You can load an nftables ruleset, table, or chain from a file into memory either manually or automatically when the system boots.

To manually load an nftables file, do the following:
  1. Before loading a new configuration from a file, drop the existing tables:
    sudo nft flush ruleset

    Note:

    This step is crucial to avoid conflicts between the new and old configurations and ensures a clean and consistent application of the new rules.
  2. Run the following command to load the file into memory:

    sudo nft -f /etc/nftables/<import_file_name>.nft
    In the previous command, <import_file_name> is the name of the file containing the configuration to import. The file might contain a ruleset, one or more tables, one or more chains within a table, and any associated rules.

    Note:

    Atomic reload is an nftables feature that preserves connection tracking while the rules are reloaded, providing a seamless transition to the new configuration.
  3. List the ruleset to verify that the file imported correctly:

    sudo nft list ruleset
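Running `nft flush ruleset` and `nft -f` as two separate commands (steps 1 and 2 above) leaves a short window in which no rules are loaded at all. The following added example, which is not part of the original documentation, puts the flush statement and the include of the real ruleset into one wrapper file so that `nft -f` applies both in a single atomic transaction, and dry-runs the file with `nft -c` before touching the live ruleset. The path /etc/nftables/myruleset.nft comes from the page; the wrapper path /run/nft-wrapper.nft and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example: atomic flush-and-load of an nftables ruleset file.
# Assumed paths: the ruleset exported earlier lives in /etc/nftables/myruleset.nft;
# /run/nft-wrapper.nft is an arbitrary staging location chosen for this example.
set -e

# Create a wrapper file whose first statement is "flush ruleset" and whose
# second statement includes the real ruleset. nft -f applies the whole file as
# one transaction, so the kernel never sees an intermediate state with no rules,
# which separate "nft flush ruleset" and "nft -f" invocations would cause.
build_atomic_wrapper() {
    ruleset="$1"    # path to the .nft file to import
    wrapper="$2"    # path of the wrapper file to create
    {
        printf '%s\n' "flush ruleset"
        printf 'include "%s"\n' "$ruleset"
    } > "$wrapper"
    printf '%s\n' "$wrapper"
}

# Parse and validate a file without applying it (nft -c / --check).
# A syntax error here aborts the script before the live ruleset is touched.
check_ruleset() {
    nft -c -f "$1"
}

# Validate, apply in one transaction, then list the result for verification.
apply_ruleset() {
    wrapper="$1"
    check_ruleset "$wrapper"
    nft -f "$wrapper"
    nft list ruleset
}

# Usage (run as root):
#   w=$(build_atomic_wrapper /etc/nftables/myruleset.nft /run/nft-wrapper.nft)
#   apply_ruleset "$w"
```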
To automatically load a ruleset from a file when restarting the system, do the following:
  1. Edit the /etc/sysconfig/nftables.conf file to add an include statement for each .nft file that you want to load at startup. If this file doesn't exist, create it. For example, the following /etc/sysconfig/nftables.conf includes the exported /etc/nftables/myruleset.nft file:

    # Uncomment the include statement here to load the default config sample
    # in /etc/nftables for nftables service.
    
    include "/etc/nftables/myruleset.nft"
    
    # To customize, either edit the samples in /etc/nftables, append further
    # commands to the end of this file or overwrite it after first service
    # start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.
    
  2. Enable and start the nftables service:

    sudo systemctl enable --now nftables