COMMENTS

  • @shaunkeys7887 1 year ago +1

    Thank you for this! I’ve done nftables before, but completely forgot everything about it, and this seriously helped me get back on track. Such a shame the documentation for such an amazing tool is so fragmented.

  • @slocomptech 4 years ago +3

    Thanks for this simple tutorial, it helped me get started with nftables

  • @gorgoneimpertinence4805 5 years ago +3

    very nice thank u ... please continue and make it a series for a small home server

  • @_garicas 8 months ago

    Perfect video! Straight to the point and easy to understand

  • @MessieAs 4 years ago +1

    Thanks for this brief tutorial! I was indeed stuck in looking for a beginner's guide. Keep it up!

  • @schweinekillerlp2245 5 years ago +2

    Thank you for that cool tutorial! It's nice to have an overview about that, although I'm definitely more into the firewalld syntax :D

  • @alvinma00 7 months ago

    Good comment about the documentation, which is really poor; I also worked with nftables a few days ago, and there is little information and few examples about it.

  • @dmi3mis 3 years ago +8

    2:38 I think there is a mistake in the config file. You need "type filter hook forward priority 0;" in chain forward, and you need "type filter hook output priority 0;" in chain output.

  • @MrBiky 5 years ago +1

    This will definitely be useful at some point.

  • @Gersberms 2 years ago +1

    Very helpful, thanks so much. I can't get over the fact that the help command nft -h only gives you options, no commands and nothing else. FIVE pages into the man page, and I still have no clue how to do anything, how it works, or what hooks are for. It's a list of definitions, not a guide.

  • @learningbird9940 5 years ago +1

    Thanks a lot Quids for this Part 1 of nftables.

  • @svengrossniklaus9204 4 years ago +4

    me: *searching a vid over nftables 4 a test i have next lesson*
    quidsup: *uses nano*
    me: ight imma head out
    post made by: vim gang

    • @zyan983 4 years ago +1

      Why can't people just use what they want? X distro is better than y distro? Or x text editor is better than y? It's just dumb, it's all hackable and customizable why does it matter.

  • @ashishpatel350 5 years ago +7

    Hands off my packets.

  • @adeblusopapipanecker9745 2 years ago

    Hey, thanks for the amazing tutorial, really helped me.

  • @IGBeTix-Electronique 3 years ago

    Thanks for this intro. I find the nftables documentation relatively indigestible (too many options that are not explained, for example). Is there any beginner book over there?

  • @GrandmasterPoi 5 years ago

    For simple tasks like this firewalld or even iptables is much-much better.

    • @StefanBeke 2 years ago

      firewalld is using iptables or now nftables as backend. User doesn't care. For debian users it's ufw probably, story is the same, backend can transparently change.

    • @GrandmasterPoi 2 years ago

      @StefanBeke omg, necro reply to 3y.o. comment

  • @marcelgast1476 4 years ago

    Thanks for this great tutorial.

  • @daytrader66 3 years ago

    I see some examples doing, say: nft rule add filter input tcp dport 22 accept
    Where others add the stateful bit: nft rule add filter input tcp dport 22 ct state new accept.
    What's the practical difference/benefit of doing the latter in this context where outbound traffic is already permitted anyway?

  • @DobleC2 4 months ago

    Video summary [00:00:00] - [00:08:49]:
    This video provides an introductory guide on how to configure the nftables firewall on Debian Buster. The presenter explains that nftables offers better performance and filtering capability for both wanted and unwanted connections. Despite the limited documentation, the presenter manages to set up effective rules directly in the configuration files and demonstrates how to accept or reject connections to certain ports using the TCP, UDP and ICMP protocols.
    **Highlights**:
    + [00:00:00] **Introduction to nftables**
    * Switch from iptables to nftables in Debian Buster
    * Improved performance and packet filtering
    + [00:01:28] **Installation and basic commands**
    * How to install nftables and enable the service
    * Using the 'nft' command to manage rules
    + [00:02:01] **Editing the configuration directly**
    * Modifying the nftables.conf file with a text editor
    * Importance of precision in syntax and formatting
    + [00:03:28] **Rules for incoming connections**
    * Accepting loopback connections and established connections
    * Rejecting invalid connections and setting limits to prevent ping floods
    + [00:04:08] **Keeping the SSH connection**
    * Ensuring SSH access to the server while configuring the firewall
    * Allowing traffic from specific IP addresses and rejecting the rest
    + [00:07:02] **Controlling access to services**
    * Configuring rules to allow or reject access to web services
    * Use of port ranges and response to unauthorized requests
    By Copilot

  • @IaMaWeSoMe7478 5 years ago

    quidsup Thanks for the video, quids this helped a lot!! Do you think you could also show us how you use nano so easily as well?!

  • @h.hristov 4 years ago +1

    How did you get the syntax highlighting for the config file on nano?

  • @bjarnenilsson80 21 days ago

    Quick question: why use drop as default instead of reject?

  • @IKFilms 5 years ago

    Your videos are very informative. Thank you!
    I have an issue in Debian9 - Mounted USB External HDD (NTFS) - Read only... Can you advise please?
    Thanks!

  • @bikutoso 5 years ago +1

    Do wish pf were a valid option for a firewall on Linux systems.

  • @ДедМороз-р7д 4 years ago

    How to allow traffic for tor and for individual applications (for example firefox) with nftables drop policies?

  • @irgendein2.account432 4 years ago

    The line: "ip6 nextdhr icmpv6 icmpv6 type echo-request limit rate 2/second accept;" doesn't work on my system. Can someone tell me what I did wrong?

  • @reikhard 5 years ago

    Thanks 😊

  • @fernandoperez8587 5 years ago

    awesome

  • @wackoJacko-dg9ny 2 months ago

    As a "Getting Started" video, I was expecting more information on what is "iifname" or what's "ct state established" etc. That was a good attempt however, people can benefit from what are all those terms and why are they put in that place rather than just follow and copy what is being shown in the video. Just my opinion.

  • @AlejandroRodriguez-wt2mk 1 year ago

    nifty

  • @ygjt76v0----- 3 years ago

    I think don't need firewall, except for server

  • @superstupidtube 1 year ago

    Response to UDP makes this computer a source of DDoS attack.

  • @Zehenmann. 4 years ago

    Dude, and something like this null-pings my server lmao

  • @elbozo5723 4 months ago

    this is literally just copy and pasting from the docs and reading the comments from them. If you’re going to babble on for two minutes about how bad the docs are at least add some actual insight into what you’re typing.

  • @VidarrKerr 3 years ago

    Using VMs for tutorials = FAIL. No matter what anyone says, it is Not the same.

    • @StefanBeke 2 years ago +1

      As far as I can tell, most of the time only end user on laptop is using real hardware. The rest is somewhere in DC, mostly on VM if they are old fashioned. If they are modern they use containers or k8s or serverless, one more abstraction layer away.