THE Technical Conference on Linux Networking

Netdev 0.1

Sessions

tutorial | nftables tutorial

Pablo Neira Ayuso and Patrick McHardy
Confederation III

nftables is the next-generation Netfilter packet filtering software that aims to replace {ip,ip6,eb,arp}tables. The project comes with the new libnftnl userspace library, the nft userspace configuration utility and backward compatibility utilities.

nftables reuses the main building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, NAT, the userspace queueing infrastructure and the logging subsystems.

This tutorial will describe its features, architecture and interface, what is currently in development, and future plans. It will also include examples from both the application programming interface and the user interface.

slides: /docs/nftables-rmll-2014.pdf
video: https://www.youtube.com/watch?v=cODU94yVxDs