The Geek Diary

nft: command not found

by Deepika

“nft” is a tool for configuring the Linux kernel firewall in a user-friendly way. It is designed to replace the older “iptables” firewall configuration tool. The “nftables” firewall framework provides more advanced functionality and improved performance compared to “iptables”.

“nft” allows system administrators to manage tables, chains, and rules in the Linux kernel firewall. A table in the firewall represents a specific domain of rules, such as the IPv4 or IPv6 domains. Chains are sequences of rules within a table, and rules define the actions to be taken for specific packets. The rules can include actions such as accepting, rejecting, or logging incoming packets.

“nft” provides a flexible and powerful interface for configuring the Linux kernel firewall, making it easier for system administrators to set up and manage firewall rules. The tool allows rules to be specified using a simple and intuitive syntax, and it provides a wide range of features for fine-tuning the firewall configuration.

If you encounter the following error when running the nft command:

nft: command not found

install the nftables package using the command for your distribution:

| Distribution | Command |
|--------------|---------|
| Debian | apt-get install nftables |
| Ubuntu | apt-get install nftables |
| Alpine | apk add nftables |
| Arch Linux | pacman -S nftables |
| Kali Linux | apt-get install nftables |
| CentOS | yum install nftables |
| Fedora | dnf install nftables |
| Raspbian | apt-get install nftables |

nft Command Examples

1. View current configuration:

# sudo nft list ruleset

2. Add a new table with family “inet” and table “filter”:

# sudo nft add table inet filter

3. Add a new base chain on the input hook whose default policy accepts all inbound traffic:

# sudo nft add chain inet filter input \{ type filter hook input priority 0 \; policy accept \}

4. Add a new rule to accept several TCP ports:

# sudo nft add rule inet filter input tcp dport \{ telnet, ssh, http, https \} accept

5. Add a NAT rule to translate all traffic from the `192.168.0.0/24` subnet to the host’s public IP (the `nat` table and its `postrouting` chain must already exist):

# sudo nft add rule nat postrouting ip saddr 192.168.0.0/24 masquerade

6. Show rule handles (replace family, table, and chain with your own values):

# sudo nft --handle --numeric list chain family table chain

7. Delete a rule:

# sudo nft delete rule inet filter input handle 3

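8. Save current configuration (piped through `sudo tee` because a plain `>` redirect is opened by the calling shell, not by sudo):

# sudo nft list ruleset | sudo tee /etc/nftables.conf > /dev/null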
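
A default-drop counterpart to the `policy accept` chain in step 3, as an added example that is not part of the original article: it writes the table, chain, and port rule to a ruleset file, dry-runs it with `nft -c`, and loads it only if the check passes. The helper names `render_ruleset` and `check_and_load`, the port list, and the `/tmp/ruleset.nft` path are assumptions for illustration.

```shell
#!/bin/sh
# Added example: default-drop counterpart to the "policy accept" chain.
# render_ruleset and check_and_load are hypothetical helper names.

# render_ruleset PORTS: print an nftables ruleset file to stdout.
# PORTS is a comma-separated list of TCP services, numbers or ranges
# with no spaces, e.g. ssh,http,https or 22,8000-8080.
render_ruleset() {
    ports=$1
    # The list is pasted into a file that root will load, so refuse
    # anything except lowercase letters, digits, commas and hyphens.
    case $ports in
        ''|*[!a-z0-9,-]*) echo "invalid port list: $ports" >&2; return 1 ;;
    esac
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        meta l4proto icmp accept
        meta l4proto ipv6-icmp accept
        tcp dport { $ports } accept
    }
}
EOF
}

# check_and_load FILE: dry-run the file with -c, load it only if the
# check passes. "flush ruleset" makes the load replace every table.
check_and_load() {
    sudo nft -c -f "$1" && sudo nft -f "$1"
}

# Usage (assumed path):
#   render_ruleset ssh,http,https > /tmp/ruleset.nft
#   check_and_load /tmp/ruleset.nft
```

Because the file starts with `flush ruleset`, loading it also removes tables created separately, such as the `nat` table from step 5; keep the ssh port in the list when applying it over a remote session.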

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright