Iptables vs nftables

From HPCWIKI

iptables vs nftables[1]

iptables is a generic firewalling tool that lets you define rulesets. Each rule in a table consists of a number of classifiers (iptables matches) and one associated action (iptables target). iptables has long been a core component of Linux firewall solutions, offering flexibility and robust control over network traffic, but its complex syntax can be intimidating.

nftables is the successor of iptables. It was designed to address some of the limitations of iptables and has been part of the Linux kernel since version 3.13 (2014); it allows much more flexible, scalable and performant packet classification. This is where all the new features are now developed.

The same rules written for iptables and for nftables:

Allow incoming SSH traffic on port 22

    iptables:
        iptables -A INPUT -p tcp --dport 22 -j ACCEPT

    nftables:
        nft add rule ip filter input tcp dport 22 accept

Allow incoming traffic on ports 80 and 443

    iptables:
        iptables -P INPUT DROP
        iptables -P FORWARD DROP
        iptables -P OUTPUT ACCEPT
        iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
        iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
        iptables -A INPUT -i lo -j ACCEPT
        iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    nftables:
        nft add rule ip filter input tcp dport 80 ct state new,established accept
        nft add rule ip filter input tcp dport 443 ct state new,established accept

Note that the nftables side of the second example only translates the two port rules: the default chain policies, the loopback rule and the ESTABLISHED,RELATED rule have no counterpart listed here. The nft commands also assume that the table ip filter and its base chain input already exist, since nft add rule does not create them.
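As an added example (not from the wiki, and not the real iptables-translate utility that ships with iptables-nft), the following Python script translates exactly the iptables options used in the table above into nft commands, including the default policies that the nftables column leaves out. The rule list PAGE_RULES is the page's own INPUT ruleset, embedded as sample input; the generated chain declarations assume the nft table ip filter already exists.

```python
"""Added illustration (not the wiki's code and not the real iptables-translate
tool): translate the iptables options used on this page into nft syntax."""
import shlex

VERDICTS = {"ACCEPT": "accept", "DROP": "drop"}  # targets used on this page
# Constructed sample input: the INPUT ruleset from the table above.
PAGE_RULES = [
    "iptables -P INPUT DROP",
    "iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT",
    "iptables -A INPUT -i lo -j ACCEPT",
    "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
]


def translate(rule: str) -> str:
    """Return the nft command for one iptables command; assumes table 'ip filter' exists."""
    argv = shlex.split(rule)
    if len(argv) < 4 or argv[0] != "iptables":
        raise ValueError(f"not an iptables command: {rule!r}")
    chain = argv[2].lower()  # INPUT/FORWARD/OUTPUT -> input/forward/output
    if argv[1] == "-P":
        # A default policy belongs to the base chain in nftables, so this
        # (re)declares the chain with the hook of the same name and the policy.
        return (f"nft add chain ip filter {chain} '{{ type filter hook {chain} "
                f"priority 0; policy {VERDICTS[argv[3]]}; }}'")
    if argv[1] != "-A":
        raise ValueError(f"unsupported action {argv[1]!r}")
    opts = argv[3:]
    if len(opts) % 2:
        raise ValueError("every option handled here takes exactly one value")
    proto, matches, verdict = None, [], None
    for opt, val in zip(opts[::2], opts[1::2]):
        if opt == "-p":
            proto = val                              # needed later by --dport
        elif opt == "--dport" and proto:
            matches.append(f"{proto} dport {val}")
        elif opt == "-i":
            matches.append(f"iif {val}")             # input interface
        elif opt == "-m" and val == "conntrack":
            continue                                 # its --ctstate follows
        elif opt == "--ctstate":
            matches.append(f"ct state {val.lower()}")
        elif opt == "-j":
            verdict = VERDICTS[val]
        else:
            raise ValueError(f"unsupported or misplaced option {opt} {val}")
    if verdict is None:
        raise ValueError("rule has no -j target")
    return f"nft add rule ip filter {chain} {' '.join(matches + [verdict])}"
```

Running `translate` over PAGE_RULES reproduces the two nft rule lines from the table and adds the chain declaration and the loopback and conntrack rules that the table omits; anything outside the handled option set raises rather than being silently dropped.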

References