Linux command
nftables command
Safety
Requires root and changes the host's packet filtering; check the target host and the rules before running.
Common examples
List all rules
sudo nft list ruleset
Add table
sudo nft add table inet [filter]
Add chain
sudo nft add chain inet [filter] [input] '{ type filter hook input priority 0; }'
Add rule
sudo nft add rule inet [filter] [input] tcp dport [22] accept
Delete rule (rule handles are shown by `sudo nft -a list ruleset`)
sudo nft delete rule inet [filter] [input] handle [5]
Load rules from file (applied as one transaction; `sudo nft -c -f [file]` only syntax-checks)
sudo nft -f [/etc/nftables.conf]
Flush all rules (removes every table, so nothing is filtered until new rules are loaded)
sudo nft flush ruleset
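The examples above build a ruleset one command at a time; on a real host the firewall is normally kept in one file and loaded with `nft -f`, so that `flush ruleset` and the new rules are applied in a single transaction and there is no window with no filtering at all. The script below is an added example, not part of this page or the nftables project: it generates such a file for a minimal stateful inet filter (default-drop input, loopback, ICMP, established connections and SSH), syntax-checks it with `nft -c -f -` and applies it with `nft -f -`. The table name `filter`, the SSH port (`SSH_PORT`, default 22) and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the nftables project): build a minimal stateful
# host firewall as a single nft -f file and apply it atomically.
# Assumptions: table name "filter", SSH on tcp/22 (override with SSH_PORT).
set -eu

SSH_PORT="${SSH_PORT:-22}"

# Print a complete ruleset to stdout. The leading "flush ruleset" is part of
# the same transaction as the new table, so nft -f replaces the old rules
# and installs the new ones atomically.
gen_ruleset() {
    port="$1"
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state invalid drop
        ct state established,related accept
        iif lo accept
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport ${port} ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Parse the generated ruleset without touching the kernel (nft -c).
# Run this before apply_ruleset so a typo cannot leave the host unfiltered.
check_ruleset() {
    gen_ruleset "$1" | nft -c -f -
}

# Load the ruleset from stdin; requires root.
apply_ruleset() {
    gen_ruleset "$1" | nft -f -
}

# Usage: ./fw.sh          (print the ruleset)
#        ./fw.sh check    (syntax-check only)
#        sudo ./fw.sh apply
case "${1:-}" in
    check) check_ruleset "$SSH_PORT" ;;
    apply) apply_ruleset "$SSH_PORT" ;;
    *)     gen_ruleset "$SSH_PORT" ;;
esac
```

Keep the generated text in `/etc/nftables.conf` if the host's nftables service should restore it at boot; the `check` step is the one to wire into any remote change so a rejected file fails before the old rules are flushed.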
Description
nftables is the Linux kernel packet-filtering framework that succeeds iptables, and `nft` is its command-line tool. It provides a single interface for IPv4, IPv6, ARP and bridge filtering through the `ip`, `ip6`, `inet`, `arp`, `bridge` and `netdev` address families, uses its own rule syntax rather than the iptables options, and improves on iptables with atomic ruleset replacement (`nft -f`) and native sets and maps instead of long linear rule chains.
Parameters
- list: List tables, chains, rules, sets and maps.
- add: Add a table, chain, rule or other object.
- delete: Delete an object (rules are addressed by handle).
- flush: Empty a chain, a table or the whole ruleset.
- -f _file_: Read commands from file (`-` reads standard input).
- -i: Interactive mode; read commands from a prompt.
- -n: Numeric output (no name resolution for addresses, ports or protocols).
FAQ
What is the nftables command used for?
nft is the command-line tool for nftables, the kernel framework that succeeds iptables. It is used to inspect, build and atomically replace firewall rulesets for IPv4, IPv6, ARP and bridged traffic.
How do I run a basic nftables example?
Run `sudo nft list ruleset` to print the current tables, chains and rules (add `-a` to show rule handles). From there, add rules one at a time with `nft add ...`, or write the ruleset to a file and load it with `sudo nft -f file`, replacing the table, chain, port and path placeholders with the values for your host.
What does list do in nftables?
It prints objects from the kernel's ruleset: `nft list ruleset` shows everything, `nft list tables` only the table names, and `nft list table inet filter` one table with its chains and rules.