iptables / nftables across Linux distros


|                  | Release date | Kernel version     | iptables / nftables                          |
|------------------|--------------|--------------------|----------------------------------------------|
| Ubuntu 18.04 LTS |              | 4.15.0-213-generic | ufw uses iptables                            |
| Ubuntu 20.04 LTS |              | 5.4.0-163-generic  | ufw uses iptables / command not found: nft   |
| Ubuntu 22.04 LTS |              | 5.15.0-84-generic  | ufw uses nft                                 |
| CentOS 7.9-2009  | 2020-11-12   | 3.10.0-1160        | firewalld uses iptables                      |
| Rocky Linux 8.8  | 2023-05-20   | 4.18.0-477.10.1    | firewalld uses nft                           |
| Rocky Linux 9.2  | 2023-05-16   | 5.14.0-284.11.1    | firewalld uses nft                           |


iptables

iptables -L -v -x


nftables

# cat /etc/rocky-release
Rocky Linux release 9.2 (Blue Onyx)

# systemctl status nftables.service
○ nftables.service - Netfilter Tables
     Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:nft(8)

# grep Exec /usr/lib/systemd/system/nftables.service
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset

Note that both ExecReload and ExecStop run `nft flush ruleset`, which removes every table in the kernel, not only the ones loaded from /etc/sysconfig/nftables.conf; on a host where firewalld is active and owns the `inet firewalld` table (as shown below), starting and later stopping or reloading nftables.service would wipe firewalld's rules, so leave nftables.service disabled there.

# cat /etc/sysconfig/nftables.conf
#...
#include "/etc/nftables/main.nft"
#...
# start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.

# tree /etc/nftables
/etc/nftables
├── main.nft
├── nat.nft
├── osf/
│   └── pf.os
└── router.nft

# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running)

# nft list ruleset
table inet firewalld {
	chain mangle_PREROUTING {
    ...
}