nftables
The netfilter.org nftables project provides user-space tools to control the Linux nftables subsystem.
Installation
To use the nftables package, install it first:
# apk add nftables
Configuration
The default nftables rules shipped will block all incoming connections. A service that loads the rules from the /etc/nftables.d folder can be enabled at boot and started with:
# rc-update add nftables boot
# rc-service nftables start
Packaged rules
Note: this section describes a feature that is still being implemented and is subject to change (#16177).
Server software packages that are accompanied by an -nftables package include the typical default rules needed to expose the server. For example, the kdeconnect-nftables package will open the default port(s) used by kdeconnect. These rules are active upon package installation.
If nftables rules are in the /usr/share/nftables.avail folder, they must be symlinked into the /etc/nftables.d folder to enable them. For example, if there is a rule file /usr/share/nftables.avail/sshd.nft, issue the command below:
# ln -s /usr/share/nftables.avail/sshd.nft /etc/nftables.d/sshd.nft
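The symlink step above is easy to get subtly wrong on a live firewall host: linking a name that no package ships, or clobbering a rule file an administrator placed in /etc/nftables.d by hand. The following shell functions are an added example, not part of the Alpine wiki or the nftables package; they wrap the same ln -s procedure with those checks, list what is currently enabled, and syntax-check a ruleset with nft -c before the service is restarted. The directory arguments default to the paths named on this page and are parameters only so the functions can be exercised against temporary directories.

```shell
#!/bin/sh
# Added example (not from the Alpine wiki): enable a packaged nftables rule
# file by symlinking it from the "available" directory into the directory the
# nftables service loads, with the checks a careful operator wants first.

# enable_nft_rule NAME [AVAIL_DIR] [CONF_DIR]
# Exit status: 0 linked (or already correctly linked), 1 no such rule file,
# 2 CONF_DIR already holds something else under that name.
enable_nft_rule() {
    name="$1"
    avail="${2:-/usr/share/nftables.avail}"   # default path from the wiki page
    conf="${3:-/etc/nftables.d}"              # default path from the wiki page
    src="$avail/$name.nft"
    dst="$conf/$name.nft"

    # Refuse to link a rule that no package actually ships.
    if [ ! -f "$src" ]; then
        echo "no such rule: $src" >&2
        return 1
    fi

    # Idempotent: an existing symlink to the same target is fine; any other
    # file (e.g. a hand-written rule) is a conflict, never silently replaced.
    if [ -e "$dst" ] || [ -L "$dst" ]; then
        if [ -L "$dst" ] && [ "$(readlink "$dst")" = "$src" ]; then
            return 0
        fi
        echo "refusing to overwrite $dst" >&2
        return 2
    fi

    ln -s "$src" "$dst"
}

# list_enabled_rules [CONF_DIR]: print the names of the rule files present
# in the loaded directory, one per line, without the .nft suffix.
list_enabled_rules() {
    conf="${1:-/etc/nftables.d}"
    for f in "$conf"/*.nft; do
        [ -e "$f" ] || continue          # glob did not match anything
        basename "$f" .nft
    done
}

# check_ruleset FILE: parse FILE with nft without loading it into the kernel
# (nft -c is --check, -f is --file). Returns 3 when nft is not installed, so
# callers can tell "not checked" from "rejected".
check_ruleset() {
    command -v nft >/dev/null 2>&1 || return 3
    nft -c -f "$1"
}

# Typical use on an Alpine host, run as root, after installing a server
# package that ships an -nftables companion:
#   enable_nft_rule sshd && check_ruleset /etc/nftables.nft && \
#       rc-service nftables restart
```

Running check_ruleset on the main /etc/nftables.nft (the file that includes /etc/nftables.d) before restarting the service means a typo in a freshly linked drop-in is caught without ever leaving the host with a half-loaded or absent ruleset.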
See also
- nftables - ArchWiki
- nftables project homepage
- Uncomplicated Firewall: firewall program with higher-level abstractions