Exporting nftables rules and configuration

The usage of nftables will slowly grow in the upcoming years, with the goal to become the successor of iptables. Where iptables rules are harder to parse, nftables comes by default with an exporting facility. Exports formats include JSON and XML.

Command syntax

When using the command line utility nft for the first time, it looks a little bit unfriendly to the user. No suggestions on what to do, nor clear help on often used commands. To save you some time, we will look into nftables and document them for easy access later on. We are sure the utilities of nftables, with nft in particular, will get some work in the upcoming releases.

Exporting rules

The tool nft has an export option, followed by the format to export. Right now it support both JSON or XML. These formats are common and very easy to parse.

Export to XML:

nft export xml

nft export json

Importing nftables rules

At this moment there is no import function yet. According to the documentation, this will be implemented in the upcoming releases. Clearly a useful option for sharing rules over many systems. One great example is the proposed nf**-sync** utility, which replicates nftables rules.

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon