3 Configuring the Firewall with nftables

This chapter describes how to configure the firewall with nftables. It provides examples of creating nftables tables, chains, and rules with the nft command to enforce network policy on a system. These examples are suitable for learning nftables; for anything beyond a handful of rules, maintain the configuration in a file instead, so that it can be reviewed, versioned, and reloaded as a unit. For details of the nftables file syntax, see the nft(8) manual page.

Note:

When you create nftables configurations with nft commands, the rules exist only in the kernel's in-memory ruleset: they are lost when you flush the ruleset or the system restarts. To make a configuration persistent across boots, export it to an .nft file and set up the system to include that file when the nftables service starts. For more information about exporting configurations to a file, see Exporting Configurations to a File. For more information about loading a configuration file into nftables, either manually or automatically, see Loading Configurations from a File.

Note:

When working with nftables, keep an out-of-band connection to the system (for example, a serial console or the hypervisor's virtual console) so that a rule that drops your own SSH session does not lock you out. Before loading a ruleset file, check it with nft -c -f file to catch syntax and semantic errors without changing the live ruleset.
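The two notes above describe a single working pattern: snapshot the in-memory ruleset to a self-contained file, and load a new ruleset in a way that can be undone if it cuts off your remote session. The following script is an added example, not code from the original documentation or from the nftables project. The file paths, the grace period, and the sentinel-file confirmation mechanism are assumptions chosen for illustration; applying rules requires root and the nft command. The snapshot written by snapshot_ruleset is also exactly the kind of file that the persistence procedure referenced above includes from the nftables service configuration.

```shell
#!/bin/sh
# Added example (not from the original page): snapshot the live nftables
# ruleset, then load a new ruleset with a timed automatic rollback so that a
# rule that blocks your own session only locks you out for GRACE seconds.
# RULES_NEW, BACKUP and GRACE are assumed values for illustration.
set -eu

RULES_NEW="${RULES_NEW:-/etc/nftables/main.nft}"   # assumed: new ruleset to load
BACKUP="${BACKUP:-/run/nftables-rollback.nft}"     # assumed: where the snapshot goes
GRACE="${GRACE:-60}"                               # seconds before automatic rollback

# Write a self-contained snapshot of the live ruleset to the file named in $1.
# "flush ruleset" at the top means that loading the file with "nft -f"
# restores exactly this state and nothing else, which is what both a rollback
# and a boot-time include need.
snapshot_ruleset() {
    {
        echo '#!/usr/sbin/nft -f'
        echo 'flush ruleset'
        nft list ruleset
    } > "$1"
}

# Check the new ruleset, save the current one, load the new one, and schedule
# a rollback to the saved ruleset unless the operator confirms within the grace
# period by removing the sentinel file.
apply_with_rollback() {
    new="$1"; backup="$2"; grace="$3"
    sentinel="${backup}.pending"

    nft -c -f "$new"                  # dry run: syntax/semantic check, no live change
    snapshot_ruleset "$backup"
    : > "$sentinel"
    nft -f "$new"

    (
        sleep "$grace"
        if [ -e "$sentinel" ]; then   # nobody confirmed: restore the previous rules
            nft -f "$backup"
            rm -f "$sentinel"
        fi
    ) &

    echo "Loaded $new. Run 'rm $sentinel' within ${grace}s to keep it; otherwise it is rolled back."
}

# Only touch the live firewall when explicitly asked ("apply" as first argument).
case "${1:-}" in
    apply) apply_with_rollback "$RULES_NEW" "$BACKUP" "$GRACE" ;;
esac
```

Run it as root with the argument apply, then confirm from the same SSH session once you have verified the session still works; if the session is dead, the background subshell restores the snapshot after the grace period and you can reconnect. The same snapshot_ruleset output, saved under /etc/nftables and included from the nftables service configuration, is what makes a ruleset survive a reboot.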