Nftables: Difference between revisions

From Alpine Linux
(Document -nftables packages)
Revision as of 10:13, 26 November 2024

The nftables package provides user-space tools to control the Linux nftables subsystem.

A service that loads the rules from /etc/nftables.d can be enabled with:

rc-update add nftables boot
rc-service nftables start

The default rules shipped will block all incoming connections.

Packaged Rules

Note: This section describes changes that are still being implemented and subject to change

Many packages with server software are accompanied by an -nftables package which includes the typical default rules to expose the server.

For example, openssh-nftables will open the default port used by openssh (i.e.: TCP port 22).

To enable these rules, they must be symlinked into nftables' configuration directory. E.g.:

ln -s /usr/share/nftables.avail/sshd.nft /etc/nftables.d/sshd.nft
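An added example, not part of the Alpine wiki page or of any Alpine package: a POSIX shell function that enables a packaged rule file the way the ln -s line above does, but first checks that the -nftables package actually shipped the file, optionally parses it with nft -c -f (nft's check mode, which validates without applying), and refuses to replace a file an administrator already placed in the configuration directory. The directory paths default to the ones used above but are parameters so the function can be exercised against a scratch directory. The sample sshd.nft content written by write_sample_rules is constructed for illustration and is not the file Alpine's openssh-nftables package ships.

```shell
#!/bin/sh
# Added example (not from the Alpine wiki): enable a packaged nftables rule
# file by symlinking it into nftables' configuration directory, with the
# checks an administrator would want before the service loads it.
#
# Assumed layout (the defaults match the wiki's ln -s example):
#   AVAIL_DIR  - where -nftables packages drop their rule files
#   CONF_DIR   - directory the nftables service loads rules from
# Set NFT_CHECK=0 to skip the nft syntax check (e.g. on a machine without nft).

# write_sample_rules DIR NAME
#   Writes a constructed rule snippet to DIR/NAME.nft. The content is an
#   illustration only, not what any Alpine -nftables package actually ships.
write_sample_rules() {
    mkdir -p "$1"
    cat > "$1/$2.nft" <<'EOF'
# constructed example rule file (not Alpine's packaged sshd.nft)
table inet filter {
    chain input {
        tcp dport 22 accept
    }
}
EOF
}

# enable_nft_rules NAME [AVAIL_DIR] [CONF_DIR]
#   Creates CONF_DIR/NAME.nft -> AVAIL_DIR/NAME.nft.
#   Returns 0 on success (or if already enabled),
#           1 if the packaged rule file is missing,
#           2 if a different file already occupies the target path,
#           3 if the rule file fails nft's syntax check.
enable_nft_rules() {
    name="$1"
    avail="${2:-/usr/share/nftables.avail}"
    conf="${3:-/etc/nftables.d}"
    src="$avail/$name.nft"
    dst="$conf/$name.nft"

    # 1. The packaged file must exist, i.e. the -nftables package is installed.
    [ -f "$src" ] || { echo "no packaged rules: $src" >&2; return 1; }

    # 2. Parse the file without loading it, when nft is available.
    #    'nft -c -f FILE' checks the ruleset without committing it.
    if [ "${NFT_CHECK:-1}" = 1 ] && command -v nft >/dev/null 2>&1; then
        nft -c -f "$src" || { echo "rule file does not parse: $src" >&2; return 3; }
    fi

    # 3. Never silently replace a locally managed file with the packaged one.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        if [ -L "$dst" ] && [ "$(readlink "$dst")" = "$src" ]; then
            return 0   # already enabled, nothing to do
        fi
        echo "refusing to overwrite existing $dst" >&2
        return 2
    fi

    mkdir -p "$conf"
    ln -s "$src" "$dst"
}

# Demonstration against scratch directories so it is safe to run anywhere.
demo_dir=$(mktemp -d)
write_sample_rules "$demo_dir/avail" sshd
enable_nft_rules sshd "$demo_dir/avail" "$demo_dir/conf" \
    && echo "enabled: $(readlink "$demo_dir/conf/sshd.nft")"
rm -rf "$demo_dir"
```

On a real system the symlink is picked up the next time the nftables service loads /etc/nftables.d (for example, rc-service nftables restart); the function only prepares the file, it does not reload the ruleset.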

See also