
Questions tagged [nftables]

Packet filtering framework, userspace utility and compatibility layer for {ip,ip6}tables, developed as a consolidated replacement for the existing {ip,ip6,arp,eb}tables frameworks

1 vote
1 answer
57 views

I’ve been working on securing my home server and I’m exploring port knocking with nftables. The goal is to hide certain services and only allow access after a specific sequence of connection attempts. ...
asked by Rohan
0 votes
0 answers
44 views

Context I let docker (29.1.4, build 0e6fee6) produce its own rules { "firewall-backend": "nftables" } and I am working on their cohabitation with my main pretty restrictive ...
asked by zar3bski
1 vote
1 answer
374 views

Two examples of port knocking rulesets are given on the nftables wiki. Both of these examples work, but the sequence is not reset if the wrong port is knocked. That is, if the correct sequence is A, B,...
asked by forest
-1 votes
1 answer
193 views

(First, please excuse me. Not a professional sysadmin, just someone who has had to set up a VPS recently). I recently set up a new AlmaLinux 10 box, and I wanted to add port knocking to it to further ...
asked by PaulJ
1 vote
1 answer
230 views

I am trying to set up some very specific rules with nftables, but I am stuck at some point. There is obviously something I am missing. Here is the script I am using: #!/usr/sbin/nft -f flush ruleset ...
asked by calandoa
3 votes
2 answers
676 views

I'd like to use nftables to set up a firewall in the following way: a basic table with a default-deny policy custom tables (which I'd add per service running on a machine) which allow only relevant ...
asked by Jakob Odersky
0 votes
0 answers
47 views

I was following solution 1 from https://unix.stackexchange.com/a/693643/29529 but I get the following error in the 1st command ~# iptables -t mangle -A INPUT -i eth1 -j CONNMARK --set-mark 2 iptables ...
asked by nass
0 votes
0 answers
147 views

I have two VPSs (SERVER-A and SERVER-B) connected to a 10.252.1.0/24 WireGuard network. The WireGuard client config in SERVER-A has AllowedIPs=10.252.1.0/24 and SERVER-B has AllowedIPs = 0.0.0.0/0. ...
asked by Christian
0 votes
1 answer
546 views

I have a Proxmox server on 73.xx.xx.xx which I want to do a port forward to. In this case it's 51800/udp to 192.168.2.2. I have configured the firewall from Proxmox and the VM itself. Both processes ...
asked by Riccoh
0 votes
0 answers
107 views

I've launched a new AWS EC2 instance running Amazon Linux 2023. I want to set up nftables with the nftables.conf file to limit the concurrent connections per source IP so that any one user cannot hog ...
asked by Inukshuk
0 votes
0 answers
80 views

I am setting up a firewall to guard a web server. I don't need it to be secure since it is not publicly available and will not be in the near future. But I need to set up the firewall so that the ...
asked by Oscarito
0 votes
1 answer
289 views

I have an IPtables matching as -m policy --dir out --pol ipsec --mode tunnel --tunnel-src 1.1.1.2 --tunnel-dst 1.1.1.1. I know that this matching works with nftables in compatible mode as xt "...
asked by Mohammadmahdi
0 votes
1 answer
231 views

I have a seemingly easy goal: there is a certain container. I want traffic originating from that container to be routed via a custom routing table to a VPN. I don't need ALL container traffic to be routed ...
asked by user1255323
0 votes
1 answer
124 views

Default nftables: nft list ruleset table inet filter { chain input { type filter hook input priority filter; policy accept; iif "lo" accept ...
asked by dr.ipkins
0 votes
0 answers
169 views

I have a setup where I'm attempting to restrict access to the server with iptables rules that specify allowed IP ranges, like this: -A INPUT -i lo -j ACCEPT -A INPUT -s 127.0.0.0/8 -j ACCEPT -A INPUT -...
asked by Xutulu