Nftables: Difference between revisions
WhyNotHugo (talk | contribs) (Document -nftables packages)
Revision as of 10:13, 26 November 2024
The nftables package provides user-space tools to control the Linux nftables subsystem.
A service that loads the rules from /etc/nftables.d can be enabled with:
rc-update add nftables boot
rc-service nftables start
The default rules shipped will block all incoming connections.
Packaged Rules
Note: This section describes changes that are still being implemented and subject to change.
Many packages with server software are accompanied by an -nftables package which includes the typical default rules to expose the server. For example, openssh-nftables will open the default port used by openssh (i.e. TCP port 22).
To enable these rules, they must be symlinked into nftables' configuration directory, e.g.:
ln -s /usr/share/nftables.avail/sshd.nft /etc/nftables.d/sshd.nft
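The symlink step above, as an added helper script that is not part of the wiki page or of the Alpine packages: it links a packaged ruleset into the directory the service loads, refuses to clobber an unrelated file of the same name, and dry-runs the combined configuration before leaving the link in place. It assumes /etc/nftables.nft is the main file that includes /etc/nftables.d/*.nft; the directory paths can be overridden for testing.

```shell
#!/bin/sh
# Added helper (not from the page): enable a packaged nftables ruleset by
# symlinking /usr/share/nftables.avail/NAME.nft into /etc/nftables.d/.
# Assumption: /etc/nftables.nft includes /etc/nftables.d/*.nft (override via env).

NFT_AVAIL_DIR="${NFT_AVAIL_DIR:-/usr/share/nftables.avail}"
NFT_CONF_DIR="${NFT_CONF_DIR:-/etc/nftables.d}"
NFT_MAIN_CONF="${NFT_MAIN_CONF:-/etc/nftables.nft}"

# enable_nft_rules NAME [AVAIL_DIR] [CONF_DIR]
# Exit status: 0 linked (or already linked), 1 no packaged file,
# 2 a different file already occupies the target, 3 ruleset failed validation.
enable_nft_rules() {
    name=$1; avail=${2:-$NFT_AVAIL_DIR}; conf=${3:-$NFT_CONF_DIR}
    src="$avail/$name.nft"; dst="$conf/$name.nft"

    [ -f "$src" ] || { echo "no packaged rules: $src" >&2; return 1; }

    # Refuse to replace anything that is not already a link to this exact file,
    # so a locally edited ruleset is never silently swapped for the packaged one.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        [ "$(readlink "$dst" 2>/dev/null)" = "$src" ] && return 0
        echo "refusing to overwrite $dst" >&2; return 2
    fi

    mkdir -p "$conf" && ln -s "$src" "$dst" || return 2

    # Dry-run the combined config (nft -c parses and evaluates without applying).
    # Only possible when nft and the main file exist; roll the link back on error
    # so a broken fragment never stays in the directory the boot service loads.
    if [ -r "$NFT_MAIN_CONF" ] && command -v nft >/dev/null 2>&1; then
        if ! nft -c -f "$NFT_MAIN_CONF"; then
            rm -f "$dst"; echo "validation failed, $dst removed" >&2; return 3
        fi
    fi
    return 0
}

# list_enabled_rules [CONF_DIR]: names of packaged rulesets currently linked in
# (regular files in the directory are local rules, not packaged ones, and are skipped).
list_enabled_rules() {
    conf=${1:-$NFT_CONF_DIR}
    for f in "$conf"/*.nft; do
        [ -L "$f" ] || continue
        b=${f##*/}; echo "${b%.nft}"
    done
}
```

After a successful link, reload the service (rc-service nftables restart) for the new rules to take effect.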
See also
- nftables - ArchWiki
- nftables project homepage
- Uncomplicated Firewall: Firewall program with higher level abstractions.