Exporting nftables rules and configuration

Use of nftables is expected to grow over the coming years, as it is intended to become the successor of iptables. Where iptables rules are hard to parse, nftables ships with an export facility by default. Export formats include JSON and XML.

Command syntax

When using the command line utility nft for the first time, it looks a little unfriendly: no suggestions on what to do, and no clear help for commonly used commands. To save you some time, we look into nftables here and document the commands for easy reference later on. We are sure the nftables utilities, nft in particular, will receive more work in upcoming releases.

Exporting rules

The nft tool has an export option, followed by the format to export. Right now it supports both JSON and XML. Both formats are common and easy to parse. Note that later releases replaced this command: nftables 0.9 and newer produce JSON with nft -j list ruleset (and read it back with nft -j -f), and XML output was dropped.

Export to XML:

nft export xml

Export to JSON:

nft export json

Both commands dump the complete active ruleset to standard output in the chosen format.

Importing nftables rules

At this moment there is no import function yet. According to the documentation, this will be implemented in upcoming releases. It is clearly a useful option for sharing rules across many systems. One example is the proposed nft-sync utility, which replicates nftables rulesets between hosts.
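The export formats are only useful if something consumes them, and the main reason to share rules across systems is to verify that every host runs the same policy. The script below is an added example, not code from the original article or from the nftables project. It assumes the JSON layout printed by nft -j list ruleset on nftables 0.9 and later (a top-level "nftables" array of single-key objects); the older nft export json output shares that top-level layout but encodes rule expressions differently, so the checks only rely on table and chain metadata. The sample dumps are constructed inline, with make_dump() standing in for a file captured from a host.

```python
"""Parse an nftables JSON ruleset dump and run a few checks on it.

Added example, not part of the original article or of the nftables project.
Assumes the `nft -j list ruleset` layout (nftables 0.9+): a top-level
"nftables" array of single-key objects ("metainfo", "table", "chain",
"rule", ...). Nothing here depends on rule expression internals.
"""
import hashlib
import json


def make_dump(handle_offset=0, with_catch_all=False):
    """Constructed sample dump shaped like `nft -j list ruleset` output.

    handle_offset shifts every kernel handle, as happens when the same rules
    are loaded on another host; with_catch_all appends a blanket accept rule
    to the forward chain, standing in for a ruleset that has drifted.
    """
    h = handle_offset
    objects = [
        {"metainfo": {"version": "1.0.2", "release_name": "sample",
                      "json_schema_version": 1}},
        {"table": {"family": "inet", "name": "filter", "handle": h + 1}},
        # base chains carry a hook and a policy
        {"chain": {"family": "inet", "table": "filter", "name": "input",
                   "handle": h + 1, "type": "filter", "hook": "input",
                   "prio": 0, "policy": "drop"}},
        {"chain": {"family": "inet", "table": "filter", "name": "forward",
                   "handle": h + 2, "type": "filter", "hook": "forward",
                   "prio": 0, "policy": "accept"}},
        # a regular (non-base) chain has neither hook nor policy
        {"chain": {"family": "inet", "table": "filter", "name": "allowed_tcp",
                   "handle": h + 3}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": h + 4, "expr": [
                      {"match": {"op": "==",
                                 "left": {"payload": {"protocol": "tcp",
                                                      "field": "dport"}},
                                 "right": 22}},
                      {"accept": None}]}},
    ]
    if with_catch_all:
        objects.append({"rule": {"family": "inet", "table": "filter",
                                 "chain": "forward", "handle": h + 5,
                                 "expr": [{"accept": None}]}})
    return json.dumps({"nftables": objects})


def parse_ruleset(text):
    """Return (tables, chains, rules); sets, maps and other types are ignored."""
    objects = json.loads(text)["nftables"]
    return ([o["table"] for o in objects if "table" in o],
            [o["chain"] for o in objects if "chain" in o],
            [o["rule"] for o in objects if "rule" in o])


def permissive_base_chains(text):
    """Name base chains (chains with a hook) whose default policy is accept.

    A base chain created without an explicit policy defaults to accept, so a
    missing "policy" key is treated as accept too.
    """
    _, chains, _ = parse_ruleset(text)
    return ["%s %s %s (%s hook)" % (c["family"], c["table"], c["name"], c["hook"])
            for c in chains
            if "hook" in c and c.get("policy", "accept") == "accept"]


def _strip_handles(obj):
    """Drop "handle" keys recursively: handles are per-host kernel identifiers
    and would make otherwise identical rulesets compare unequal."""
    if isinstance(obj, dict):
        return {k: _strip_handles(v) for k, v in obj.items() if k != "handle"}
    if isinstance(obj, list):
        return [_strip_handles(v) for v in obj]
    return obj


def _canonical_objects(text):
    """Ruleset objects without handles and without the metainfo header."""
    return [_strip_handles(o) for o in json.loads(text)["nftables"]
            if "metainfo" not in o]


def ruleset_fingerprint(text):
    """SHA-256 over the canonical, order-preserving ruleset: hosts running the
    same policy (rule order included) yield the same digest."""
    canonical = json.dumps(_canonical_objects(text), sort_keys=True,
                           separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def ruleset_drift(baseline_text, host_text):
    """Objects present in only one of two dumps, ignoring handles. Pure order
    differences are not reported here; compare fingerprints for that."""
    def keyed(text):
        return {json.dumps(o, sort_keys=True) for o in _canonical_objects(text)}
    base, host = keyed(baseline_text), keyed(host_text)
    return (sorted("missing on host: " + o for o in base - host)
            + sorted("extra on host: " + o for o in host - base))


if __name__ == "__main__":
    baseline = make_dump()
    host = make_dump(handle_offset=100, with_catch_all=True)
    tables, chains, rules = parse_ruleset(baseline)
    print("%d table(s), %d chain(s), %d rule(s)" % (len(tables), len(chains), len(rules)))
    print("permissive base chains:", permissive_base_chains(baseline))
    print("fingerprint match:", ruleset_fingerprint(baseline) == ruleset_fingerprint(host))
    for line in ruleset_drift(baseline, host):
        print(line)
```

Handles are stripped before hashing because the kernel assigns them per host, so two systems loaded from the same file would otherwise never agree. The fingerprint keeps object order, which matters for nftables since rules are evaluated top to bottom; the drift report deliberately ignores order so that it stays readable when the only change is a reordering.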
