{"id":1036,"date":"2024-11-24T12:45:30","date_gmt":"2024-11-24T11:45:30","guid":{"rendered":"https:\/\/www.cipv6.de\/worp\/?p=1036"},"modified":"2024-11-24T12:45:31","modified_gmt":"2024-11-24T11:45:31","slug":"do-you-use-nftables-or-iptables-or-both","status":"publish","type":"post","link":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/11\/24\/do-you-use-nftables-or-iptables-or-both\/","title":{"rendered":"Do you use NFTables or IPTables (or both) ?"},"content":{"rendered":"\n

Most major Linux distributions have adopted nftables as their default firewall framework, often using it under the hood for iptables commands. Here are some of the key distributions that support nftables:<\/p>\n\n\n\n

    \n
  1. Debian<\/strong>: Starting with Debian Buster, nftables is the default backend for iptables.<\/li>\n\n\n\n
  2. Ubuntu<\/strong>: From Ubuntu 20.10 (Groovy Gorilla) onwards, nftables is included and can be used as the default firewall framework.<\/li>\n\n\n\n
  3. Fedora<\/strong>: Fedora has integrated nftables and uses it as the default firewall framework.<\/li>\n\n\n\n
  4. Arch Linux<\/strong>: Arch Linux includes nftables and provides packages for easy installation and configuration.<\/li>\n\n\n\n
  5. Red Hat Enterprise Linux (RHEL)<\/strong>: RHEL 8 and later versions use nftables as the default packet filtering framework.<\/li>\n<\/ol>\n\n\n\n

    Let’s examine a fresh installed Ubuntu 24.04 LTS on an RPI:

    What is \t\t\n\t\t\tiptables -V<\/span>\n\t\t\t<\/svg><\/span>\t\t\t<\/span>\n\t\t<\/span>\n\t\t<\/strong> telling me ?<\/p>\n\n\n\n

    \u250c\u2500\u2500$(root\u327fraspi24n)-[\/]\n\u2514\u2500# iptables -V\niptables v1.8.10 (nf_tables)<\/code><\/pre>\n\n\n\n
    The system does not use the legacy iptables framework, instead it uses the nf_tables version of iptables which provides a bridge to the nftables infrastructure\/framework.

    to complete the knowledge we check the symbolic link of iptables:<\/p>\n\n\n\n
    \u250c\u2500\u2500$(root\u327fraspi24n)-[\/]\n\u2514\u2500# ls -al \/usr\/sbin\/iptables\nlrwxrwxrwx 1 root root 26 Apr  8  2024 \/usr\/sbin\/iptables -> \/etc\/alternatives\/iptables\n\n\u2514\u2500# ls -l \/etc\/alternatives\/iptables\nlrwxrwxrwx 1 root root 22 Aug 27 16:29 \/etc\/alternatives\/iptables -> \/usr\/sbin\/iptables-nft<\/code><\/pre>\n\n\n\n
    Iptables-nft ruleset appears in the rule listing of nftables.
    <\/p>\n\n\n\n
    Is iptables-nft and nftables then the same <\/strong>? No<\/strong>, but they share the infrastructure<\/strong> of nftables<\/strong>.<\/p>\n\n\n\n
    \n
    Table of Contents<\/p>\n