Linux command

nft command

Security

This command has a large privilege or system impact; verify the target before running it.

Common examples

List current ruleset

sudo nft list ruleset

Add a table

sudo nft add table inet [filter]

Add a chain with a hook

sudo nft add chain inet [filter] [input] \{ type filter hook input priority 0 \; policy accept \; \}

Add a rule to accept specific ports

sudo nft add rule inet [filter] [input] tcp dport \{ ssh, http, https \} accept

Delete a rule by handle

sudo nft delete rule inet [filter] [input] handle [3]

Flush all rules

sudo nft flush ruleset

Save ruleset to file

sudo nft list ruleset > /etc/nftables.conf

Description

nft is the command-line interface for nftables, the modern Linux kernel packet filtering framework that replaces iptables, ip6tables, arptables, and ebtables with a unified syntax and improved performance. nftables uses a hierarchy of tables, chains, and rules. Address families include inet (IPv4+IPv6), ip (IPv4 only), ip6 (IPv6 only), bridge, arp, and netdev. Rules can be loaded from files using `nft -f /etc/nftables.conf`.
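The incremental `add table`, `add chain` and `add rule` steps from the examples above, collected into one ruleset file and loaded atomically with `nft -f` as the description mentions. This is an added example, not code from the original page; the `filter`/`input` names follow the page's examples, and the log prefix is a constructed value.

```shell
#!/bin/sh
# Added example, not from the original page: the page's incremental steps
# written as one ruleset file. Table/chain names "filter"/"input" follow the
# page's examples; the log prefix "nft-input-drop: " is a constructed value.

# Emit the ruleset text. A leading `flush ruleset` inside the file makes the
# whole load one transaction: the kernel swaps the old ruleset for the new
# one in a single step, unlike an interactive `flush` followed by `add`s,
# which leaves a window with no filtering at all.
gen_ruleset() {
  cat <<'EOF'
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # loopback and flows conntrack already knows about
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # ICMP/ICMPv6 (path MTU discovery, neighbour discovery)
        meta l4proto { icmp, ipv6-icmp } accept
        # the services the page's rule example exposes
        tcp dport { ssh, http, https } accept
        # count and log what the default-drop policy discards
        counter log prefix "nft-input-drop: " drop
    }
}
EOF
}

# Syntax-check with `nft -c` (no kernel change), then load for real.
apply_ruleset() {
  f=$(mktemp) || return 1
  gen_ruleset > "$f"
  nft -c -f "$f" && nft -f "$f"
  rc=$?
  rm -f "$f"
  return "$rc"
}

# Print the ruleset by default; load it only when asked explicitly (as root).
case "${1:-}" in
  apply) apply_ruleset ;;
  *) gen_ruleset ;;
esac
```

Run `sh build-ruleset.sh > /etc/nftables.conf` to produce the file, or `sudo sh build-ruleset.sh apply` to check and load it in one step.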

Parameters

list ruleset
Display the current complete ruleset
add table _family_ _name_
Create a new table
add chain _family_ _table_ _chain_ _specification_
Create a new chain
add rule _family_ _table_ _chain_ _statement_
Add a rule to a chain
delete rule _family_ _table_ _chain_ handle _n_
Delete a rule by its handle
flush ruleset
Remove all rules and tables
--handle
Show rule handles for deletion
--numeric
Show numeric output (no name resolution)

FAQ

How do I run a basic nft example?

Run `sudo nft list ruleset` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does list ruleset do in nft?

Display the current complete ruleset