Is there a decent pure nftables tutorial/manual, preferably for debian, that is not based on the idea of using iptables as a steppingstone, that could help me build my own personal firewall?
I wrote this for my own personal use: https://git.sr.ht/~delial/blogs/tree/master/item/2020-10-01_simple_stateful_firewall_with_nftables.md
It’s inspired by Arch’s simple stateful firewall using iptables, but completely re-done to properly utilize the unique features of nftables.
EDIT: Fediverse is lagging for me, and I can’t see your reply on my instance, so I’ll add my reply to here. The only other thing I would add is that you can find the port aliases nftables supports here (it’s not anywhere nice in their docs): http://git.netfilter.org/nftables/commit/src?id=9e45a28ca467f08b9c01baf73d1849055e53ea0b
EDIT2: My guide sets up output port sets and chain rules, which isn’t that much extra work, but some would say is a bit overboard. You can safely just add a rule to the output chain to accept all traffic (instead of any other rules):
nft add rule inet filter output accept
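As an added illustration of the stateful, nftables-native approach the reply describes (this is a constructed example, not the linked guide's ruleset), here is a complete /etc/nftables.conf for a single Debian host: a default-drop input chain keyed on connection-tracking state, a named set of allowed services using nftables' port aliases, and the accept-all output chain the EDIT2 suggests. The service set contents and log prefix are placeholders to adjust.

```nft
#!/usr/sbin/nft -f
# Constructed example: minimal stateful host firewall for Debian.
# Assumes the nftables package; load with `nft -f /etc/nftables.conf`
# and persist with `systemctl enable --now nftables`.

flush ruleset

table inet filter {
    # Placeholder: TCP services this host offers (port aliases are allowed).
    set tcp_services {
        type inet_service
        elements = { ssh }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened; drop malformed/untracked.
        ct state established,related accept
        ct state invalid drop

        # Loopback traffic.
        iif lo accept

        # ICMP/ICMPv6 are required for path MTU and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # New inbound connections only to services in the set.
        tcp dport @tcp_services ct state new accept

        # Log (rate-limited) and reject everything else so drops are visible.
        limit rate 5/minute log prefix "nft-input-drop: "
        reject with icmpx type port-unreachable
    }

    chain forward {
        # A personal host does not route; drop forwarded traffic.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # As in EDIT2: trust outbound traffic from this host.
        type filter hook output priority 0; policy accept;
    }
}
```

Check the result with `nft list ruleset` and watch the log prefix in the kernel log (e.g. `journalctl -k`) to confirm which inbound attempts are being refused before tightening or loosening the set.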
I skimmed through it and it seems it’ll be useful. I’ll take a look at it a bit more later.
Any other hints?
Thank you!