Nftables: Difference between revisions
Prabuanand (talk | contribs) m (fixed typo)
StacyHarper (talk | contribs)
Latest revision as of 06:11, 20 August 2025
The nftables project provides user-space tools to control the Linux nftables subsystem.
Installation
To use the nft command from the nftables package, install it first:
# apk add nftables
Configuration
The default nftables rules shipped with the package block all incoming connections. A service that loads the rules from the /etc/nftables.d folder can be enabled with:
# rc-update add nftables boot
# rc-service nftables start
If nftables rules are in the /usr/share/nftables.avail folder, they must be symlinked to the /etc/nftables.d folder to enable them. For example, if there is a rule file /usr/share/nftables.avail/sshd.nft, issue the command below:
# ln -s /usr/share/nftables.avail/sshd.nft /etc/nftables.d/sshd.nft
Packaged rules
Server software packages that are accompanied by an -nftrules package include the typical default rules to expose the server. For example, the openssh-nftrules package will open the default port(s) used by openssh. These rules are not active upon package installation. They are installed in the /usr/share/nftables.avail/ directory. The user can either symlink them individually to /etc/nftables.d/, or add the configuration line include "/usr/share/nftables.avail/*.nft" to /etc/nftables.nft.
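The symlink step from the Configuration and Packaged rules sections, written as a small POSIX shell helper with a syntax check before the service loads the result. This is an added example, not code from the Alpine wiki or the nftables project. The directory and file paths are parameters; the Alpine locations named on this page (/usr/share/nftables.avail, /etc/nftables.d, /etc/nftables.nft) are assumed to be what a real host would pass in, and the constructed sample files used in the usage comments stand in for packaged -nftrules fragments.

```sh
#!/bin/sh
# Added example (not from the Alpine wiki page or the nftables project).
# Enables packaged nftables rule fragments by symlinking them from the
# "available" directory into the "enabled" directory, then syntax-checks
# the main ruleset before it is loaded. Paths are parameters; on Alpine
# they are assumed to be /usr/share/nftables.avail, /etc/nftables.d and
# /etc/nftables.nft.
set -eu

# enable_nft_rules AVAIL_DIR ENABLED_DIR [NAME...]
# Link NAME.nft (every *.nft when no NAME is given) from AVAIL_DIR into
# ENABLED_DIR. An existing symlink is left alone; an existing regular
# file is skipped, so a locally edited copy is never replaced by the
# packaged one. Prints the number of new links created.
enable_nft_rules() {
    avail=$1
    enabled=$2
    shift 2
    mkdir -p "$enabled"
    [ "$#" -gt 0 ] || set -- "$avail"/*.nft
    count=0
    for arg in "$@"; do
        case $arg in
            */*) src=$arg ;;              # full path, e.g. from the glob
            *)   src=$avail/$arg.nft ;;   # bare name such as "sshd"
        esac
        if [ ! -f "$src" ]; then
            echo "no such rule file: $src" >&2
            return 1
        fi
        dst=$enabled/$(basename "$src")
        if [ -L "$dst" ]; then
            continue                      # already enabled
        elif [ -e "$dst" ]; then
            echo "skipping $dst: a local file is already there" >&2
            continue
        fi
        ln -s "$src" "$dst"
        count=$((count + 1))
    done
    echo "$count"
}

# check_nft_ruleset MAIN_FILE
# Parse-only check (nft -c) of the main ruleset file and everything it
# includes, so a broken fragment is caught before the service tries to
# load it. When nft is not installed (for example on a build machine)
# the check is reported as skipped and the function still succeeds.
check_nft_ruleset() {
    main=$1
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not installed, syntax check skipped" >&2
        return 0
    fi
    nft -c -f "$main"
}

# Usage on an Alpine host, as root:
#   enable_nft_rules /usr/share/nftables.avail /etc/nftables.d sshd
#   check_nft_ruleset /etc/nftables.nft && rc-service nftables restart
```

Running enable_nft_rules with no rule names links every available fragment at once, which is the equivalent of the include "/usr/share/nftables.avail/*.nft" line but leaves a per-file record in /etc/nftables.d that can be reviewed or removed individually.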
See also
- nftables project Wiki
- nftables - ArchWiki
- Uncomplicated Firewall: firewall program with higher-level abstractions