On this page you find the most important commands for the CLI tool nft.

nft

nft is the command line tool for managing the nftables subsystem of the Linux kernel's netfilter framework. It lets administrators create and manage rules for packet filtering and network address translation (NAT). The name is short for "netfilter tables"; nftables is the replacement for the older iptables framework and provides a more modern and efficient way to manage firewall rules and manipulate network traffic. Rulesets are written in nft's own scripting language, which is used both interactively on the command line and in files loaded as a whole. It supports packet classification, stateful firewalling and NAT, and offers a rich set of functions and expressions, making it flexible enough for most network security and traffic control needs.

List of commands for nft:

  • Add a new table with family "inet" and table name "filter":
    $ sudo nft add table inet filter
  • Add a new chain to the table that accepts all inbound traffic (the policy `accept` is permissive; a default-deny firewall uses `policy drop` and then accepts only what it needs):
    $ sudo nft add chain inet filter input \{ type filter hook input priority 0 \; policy accept \}
  • Add a new rule to accept several TCP ports:
    $ sudo nft add rule inet filter input tcp dport \{ telnet, ssh, http, https \} accept
  • Add a NAT rule to translate all traffic from the 192.168.0.0/24 subnet to the host's public IP (source NAT via masquerade):
    $ sudo nft add rule nat postrouting ip saddr 192.168.0.0/24 masquerade
  • View the current configuration:
    $ sudo nft list ruleset
  • Show rule handles (here for the `input` chain of table `filter` in family `inet`; `--handle` prints the handle of each rule, `--numeric` suppresses name resolution):
    $ sudo nft --handle --numeric list chain inet filter input
  • Delete a rule by its handle:
    $ sudo nft delete rule inet filter input handle 3
  • Save the current configuration:
    $ sudo nft list ruleset > /etc/nftables.conf
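The commands above are listed one by one; as an added example (not from this page or the nftables project), the following shell script assembles them into one complete ruleset in nft's native file format, the same format `nft list ruleset` prints and the saved configuration file uses. It goes beyond the listing in one respect: the input and forward chains default to drop and explicitly accept established connections, loopback, the page's TCP port set and ICMP. The LAN subnet is the page's sample value; the WAN interface name `eth0` is an assumption.

```shell
#!/bin/sh
# Added example (not from the page): the individual commands above, assembled
# into one script in nft's native format, loadable with `sudo nft -f FILE`.
# Unlike the "accept all inbound" chain above, input defaults to drop.
# Constructed values: the LAN subnet from the page and an assumed WAN interface.
LAN=192.168.0.0/24
WAN_IF=eth0

# Print the complete ruleset to stdout; nothing is applied, no root needed.
build_ruleset() {
    cat <<EOF
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        tcp dport { ssh, http, https } accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip saddr $LAN oif $WAN_IF accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip saddr $LAN oif $WAN_IF masquerade
    }
}
EOF
}

# Write the ruleset to FILE (the page saves to /etc/nftables.conf).
write_ruleset() {
    build_ruleset > "$1"
}

# Dry-run parse of FILE with nft's --check option; needs nft installed and
# root, otherwise the check is skipped.
check_ruleset() {
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
        nft -c -f "$1"
    fi
}
```

Loading the file with `sudo nft -f FILE` replaces the running ruleset atomically because of the leading `flush ruleset`, so review it with `check_ruleset` before applying it on a remote host.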