Difference between revisions of "Nftables"

From ArchWiki
Jump to: navigation, search
(Usage)
Line 21: Line 21:
  
 
  # nft add rule ip filter input tcp dport 80 drop
 
  # nft add rule ip filter input tcp dport 80 drop
 +
 +
Delete all rules in a chain:
 +
 +
# nft delete rule filter output
  
 
==Further reading==
 
==Further reading==

Revision as of 17:28, 20 January 2014

Related articles

nftables is the candidate for replacing iptables as the main Linux firewall utility from Linux kernel version 3.13 and on.

Currently, nftables is available on the AUR in package nftables-gitAUR.

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: nftables is an entirely new utility, and lacks sufficient documentation on this wiki, as well as elsewhere. (Discuss in Talk:Nftables#)

Usage

Drop output to a destination:

# nft add rule ip filter output ip daddr 1.2.3.4 drop

Drop packet to port 80:

# nft add rule ip filter input tcp dport 80 drop

Delete all rules in a chain:

# nft delete rule filter output

Further reading