nftables

From Alpine Linux

The nftables project provides user-space tools to control the Linux nftables subsystem.

Installation

To use nft command from nftables package, install it first:

# apk add nftables

Configuration

The default nftable rules shipped will block all incoming connections. A service that loads the rules from /etc/nftables.d folder can be enabled with:

# rc-update add nftables boot # rc-service nftables start

If nftables rules are in /usr/share/nftables.avail folder, they must be symlinked to /etc/nftables.d folder to enable them. For e.g if there is a rule /usr/share/nftables.avail/sshd.nft, issue the below command:

# ln -s /usr/share/nftables.avail/sshd.nft /etc/nftables.d/sshd.nft

Packaged rules

Server software packages that are accompanied by an -nftrules package includes the typical default rules to expose the server. For example, openssh-nftrules package will open the default port(s) used by openssh. These rules are not active upon package installation. They are installed in the /usr/share/nftables.avail/ directory. The user can either symlink them individually to /etc/nftables.d/, or add this configuration line include "/usr/share/nftables.avail/*.nft" to /etc/nftables.nft.

See also

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=Nftables&oldid=30763"