Firewall

Beginners Guide to nftables Traffic Filtering

The replacement of iptables is known as nftables. In this introduction, we learn to install nftables and configure it, to secure your Linux systems.

Summary of Beginners Guide to nftables Traffic Filtering

Traffic filtering with nftables Many Linux administrators became familiar with iptables and ip6tables. Less familiar are tools like arptables and ebtables. Meet the successor of them all: nftables, a packet filtering framework, with the goal to replace all the previous ones. After reading this guide you will be able to configure your own firewall configuration. Step by step we will show how nftables work. Although no knowledge of iptables is needed, we will share some differences with iptables where applicable.

Read the full article…

BPFILTER: the next-generation Linux firewall

BPFILTER is one of the newer features to provide traffic filtering. Learn how it works and why it may replace iptables as the firewall on Linux systems.

Summary of BPFILTER: the next-generation Linux firewall

The Linux community has a continuous drive to enhance the GNU/Linux kernel. When we look at network traffic filtering, we moved from ipchains to iptables. More recently we saw the introduction of nftables. Next in line is BPFILTER, part of the development work for the Linux 4.18 kernel. What is BPFILTER? BPFILTER is short for BPF based packet filtering framework. In other words, it is a framework that does packet filtering and is based on BPF.

Read the full article…

Differences between iptables and nftables explained

An overview of the differences between firewall technologies iptables and nftables. We highlight the major differences like simplicity and management.

Summary of Differences between iptables and nftables explained

The seasoned Linux administrator will be familiar with iptables, the network traffic filter. If you ever configured a Linux system with an ethernet bridge configuration, you might even have worked with ebtables. Or possibly you wanted to filter ARP traffic and used arptables? Newcomer nftables has arrived, with the purpose to replace iptables, ip6tables, ebtables and arptables. As with every big upcoming change, it is good to know the differences. We explain what makes nftables different to iptables, and why you want to adopt it in the near future.

Read the full article…

Exporting nftables rules and configuration

nftables has an easy way to export firewall rules via the nft command line utility. By using the export parameter with json or xml, we can export it in the right format.

Summary of Exporting nftables rules and configuration

The usage of nftables will slowly grow in the upcoming years, with the goal to become the successor of iptables. Where iptables rules are harder to parse, nftables comes by default with an exporting facility. Exports formats include JSON and XML. Command syntax When using the command line utility nft for the first time, it looks a little bit unfriendly to the user. No suggestions on what to do, nor clear help on often used commands.

Read the full article…

How to secure a Linux system

Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.

Summary of How to secure a Linux system

Every Linux system will benefit from more security, especially if it contains sensitive data. With so many resources available on the internet, one might think that securing Linux has become easy. We know it is not. Linux system hardening takes a good amount of understanding about how the Linux kernel works. It also requires a good understanding of the operating system principles. In this guide, we will help you to get this understanding and provide you with tips and tools.

Read the full article…

Linux vulnerabilities: from detection to treatment

How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.

Summary of Linux vulnerabilities: from detection to treatment

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it.

Read the full article…

Ubuntu system hardening guide for desktops and servers

Step by step guide to secure any Ubuntu desktop or server. Harden your Ubuntu during installation and afterwards with the available security tips.

Summary of Ubuntu system hardening guide for desktops and servers

The system hardening process of a system is critical during and after installation. It helps the system to perform its duties properly. This blog post shows you several tips for Ubuntu system hardening. It will dive into the most critical steps to take first. Then more specific hardening steps can be added on top of these. As most security guides only tell you what to do, we will also go into more detail on why a specific security measure is important.

Read the full article…