nftables

E886826

Linux firewall framework Netfilter component packet filtering framework

nftables is a Linux kernel framework and user-space utility for packet filtering, network address translation (NAT), and firewall configuration, designed as the modern replacement for iptables within the Netfilter project.

Try in SPARQL Jump to: Statements Referenced by

Statements (70)

Predicate	Object
instanceOf	Linux firewall framework ⓘ Netfilter component ⓘ packet filtering framework ⓘ
category	Linux security software ⓘ firewall software ⓘ networking software ⓘ
configurationFileExtension	.nft ⓘ
configurationLanguage	nftables ruleset language ⓘ
designGoal	improve performance ⓘ provide more expressive rule syntax ⓘ reduce code duplication in kernel ⓘ replace legacy iptables framework ⓘ simplify firewall management ⓘ unify IPv4 IPv6 ARP and bridge filtering ⓘ
developedBy	Netfilter core team NERFINISHED ⓘ
developedInLanguage	C ⓘ
documentation	Netfilter nftables wiki NERFINISHED ⓘ nft man page ⓘ
firstAppearedIn	Linux kernel 3.13 NERFINISHED ⓘ
hasComponent	nf_tables kernel subsystem ⓘ nft userspace utility ⓘ
hasFeature	JSON output support ⓘ compatibility layer for iptables ⓘ concise rule syntax ⓘ flow offload via flowtables ⓘ interval sets ⓘ maps and verdict maps ⓘ per-rule and named counters ⓘ set-based matching ⓘ
homepage	https://www.netfilter.org/projects/nftables/ ⓘ
implements	atomic rule updates ⓘ connection tracking integration ⓘ dynamic sets ⓘ named counters ⓘ rule set transactions ⓘ stateful packet inspection ⓘ verdict maps ⓘ
kernelInterface	nf_tables ⓘ
license	GPL NERFINISHED ⓘ
operatingSystem	Linux ⓘ
partOf	Linux kernel networking subsystem NERFINISHED ⓘ Netfilter project NERFINISHED ⓘ
replaces	arptables NERFINISHED ⓘ ebtables NERFINISHED ⓘ ip6tables NERFINISHED ⓘ iptables NERFINISHED ⓘ
stableSupportIn	Linux kernel 3.18 NERFINISHED ⓘ
supportsAbstraction	chains ⓘ flowtables ⓘ maps ⓘ sets ⓘ stateful objects ⓘ tables ⓘ
supportsFunction	logging ⓘ masquerading ⓘ network address translation ⓘ packet filtering ⓘ packet mangling ⓘ port forwarding ⓘ rate limiting ⓘ stateful firewalling ⓘ traffic classification ⓘ
supportsProtocolFamily	ARP ⓘ IPv4 ⓘ IPv6 ⓘ bridge ⓘ inet ⓘ netdev ⓘ
userSpaceTool	nft ⓘ
usesBackend	BPF for packet matching (optional) ⓘ

Referenced by (3)

Full triples — surface form annotated when it differs from this entity's canonical label.

netfilter → hasComponent → nftables ⓘ

netfilter → replacedBy → nftables ⓘ

iptables → replacedBy → nftables ⓘ