nftables

You should consider using a wrapper instead of writing your own firewalling scripts. It is recommended to run firewalld, which integrates pretty well into the system.

Setup

Show state of nftables.service:

systemctl status nftables.service

Usage

List all tables:

nft list tables

List complete ruleset:

nft list ruleset

List all chains and rules in a table:

nft list table inet filter

Flush all rules in table:

nft flush table ip filter

Migration

Kubernetes

Still no support for nftables, which blocks OAS from using nftables:

  • from the Calico 3.8.2 release notes:

    calico can run on systems which use iptables in nft compatibility mode …

    OAS / rancher / k8s 14.3 use calico 3.4
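
A host-side check related to the Calico note above, as an added example that is not part of the original page or of Calico: it classifies which backend the iptables binary uses from its `--version` string and flags rules that are loaded in both the legacy and the nft backend at once. The function names and the sample save output are constructed for illustration; `report_host` needs root to read the rulesets.

```shell
#!/bin/sh
# Classify the backend from the text printed by `iptables --version`.
# iptables 1.8+ appends "(nf_tables)" or "(legacy)"; older builds print no
# suffix and only have the legacy (x_tables) backend.
classify_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        "iptables v"*)   echo legacy-pre-1.8 ;;
        *)               echo unknown ;;
    esac
}

# Count rules ("-A ..." lines) in iptables-save formatted text on stdin.
count_rules() {
    grep -c '^-A ' || true
}

# Decide from the two rule counts whether rules are split across backends.
# "mixed" means both kernel subsystems filter packets, so what the
# `nft list ruleset` output shows is not the whole effective policy.
rules_verdict() {
    legacy=$1 nft=$2
    if [ "$legacy" -gt 0 ] && [ "$nft" -gt 0 ]; then echo mixed
    elif [ "$nft" -gt 0 ]; then echo nft-only
    elif [ "$legacy" -gt 0 ]; then echo legacy-only
    else echo empty
    fi
}

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Inspect the local host; run as root: sh check.sh --host
report_host() {
    echo "binary backend: $(classify_backend "$(iptables --version 2>/dev/null)")"
    l=$(iptables-legacy-save 2>/dev/null | count_rules)
    n=$(iptables-nft-save 2>/dev/null | count_rules)
    echo "rules: legacy=$l nft=$n -> $(rules_verdict "$l" "$n")"
}

if [ "${1:-}" = "--host" ]; then report_host; fi
```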

Ansible

Collections:

(Deprecated) roles: