The netfilter.org "nftables" project

nftables replaces the popular {ip,ip6,arp,eb}tables. This software provides a new in-kernel packet classification framework that is based on a network-specific Virtual Machine (VM) and a new nft userspace command line tool. nftables reuses the existing Netfilter subsystems, such as the hook infrastructure, the connection tracking system, NAT, userspace queueing and the logging subsystem. This software also provides libnftables, the high-level userspace library that includes support for JSON; see the libnftables(3) man page for more information.

You require the following software in order to run the nft command line tool:
nft syntax differs from {ip,ip6,eb,arp}tables. However, there is a backward compatibility layer that allows you to run iptables/ip6tables, using the same syntax, over the nftables infrastructure.
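To make the syntax difference concrete, here is a small default-drop ruleset in nft's native file format, with the roughly equivalent iptables commands in comments. It is an added example, not taken from the netfilter.org page or the project's documentation; the interface name `eth0`, the SSH port and the log prefix are assumptions chosen for illustration. It touches the reused subsystems named above: hooks, connection tracking, logging and NAT.

```nft
# Example ruleset file (constructed for illustration).
# Start from a clean state so reloading the file is idempotent.
flush ruleset

# "inet" tables see both IPv4 and IPv6, so one chain replaces
# separate iptables and ip6tables rule sets.
table inet filter {
    chain input {
        # Attach to the existing Netfilter input hook; drop by default.
        # iptables: iptables -P INPUT DROP
        type filter hook input priority 0; policy drop;

        # Connection tracking: allow replies to traffic we initiated.
        # iptables: -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        ct state established,related accept
        ct state invalid drop

        # Loopback traffic.
        # iptables: -A INPUT -i lo -j ACCEPT
        iif "lo" accept

        # Assumed service: SSH on tcp/22.
        # iptables: -A INPUT -p tcp --dport 22 -j ACCEPT
        tcp dport 22 accept

        # Logging subsystem: rate-limited record of what the policy drops.
        # iptables: -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "nft-drop: "
        limit rate 5/minute log prefix "nft-drop: "
    }
}

# NAT: masquerade IPv4 traffic leaving the assumed uplink interface.
# iptables: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade
    }
}
```

Validate the file without applying it using `nft -c -f <file>`, then load it with `nft -f <file>`.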
You can check out the nftables HOWTO documentation; there is also a manpage.