Firewall

BPFILTER: the next-generation Linux firewall

BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.

Summary

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel. What is BPFILTER? BPFILTER is short for BPF based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF.

Beginners guide to traffic filtering with nftables

The replacement of iptables is known as nftables. In this article, we learn to install nftables and configure it, to secure your Linux systems.

Summary

Learn how to use nftables in this introduction guide to the tool. With common examples, frequently asked questions, and generic tips.

Differences between iptables and nftables explained

An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.

Summary

The seasoned Linux administrator will be familiar with iptables, the network traffic filter. If you ever configured a Linux system with an ethernet bridge configuration, you might even have worked with ebtables. Or possibly you wanted to filter ARP traffic and used arptables? Newcomer nftables has arrived, with the purpose to replace iptables, ip6tables, ebtables and arptables. As with every big upcoming change, it is good to know the differences. We explain what makes nftables different to iptables, and why you want to adopt it in the near future.

Block IP addresses in Linux with iptables

Use iptables and ipset to create a blacklist and block one or more IP addresses on Linux. This guide will explain how to use and configure blacklists.

Summary

Most system administrators will already be familiar with iptables. It is around for quite a while and is enabled by default within the Linux kernel. We can use iptables to block one, multiple IP addresses, or even full networks. This may come in handy when you get repeating port scans or see failed login attempts in your log files. Time to get started and block some IP addresses! Check existing iptables configuration The first step is to validate existing iptables rules.

Exporting nftables rules and configuration

nftables has an easy way to export firewall rules via the nft command line utility. By using the export parameter with json or xml, we can export it in the right format.

Summary

The usage of nftables will slowly grow in the upcoming years, with the goal to become the successor of iptables. Where iptables rules are harder to parse, nftables comes by default with an exporting facility. Exports formats include JSON and XML. Command syntax When using the command line utility nft for the first time, it looks a little bit unfriendly to the user. No suggestions on what to do, nor clear help on often used commands.