YouTube videos curated by Class Central.
Classroom Contents
Firewalls with NFtables
- 1 Introduction
- 2 Network Packet Filtering Within each operating system with network connectivity, we must take into account the evil cyber wonks, script kiddies, and drive-bys. They have nothing better to do with thei…
- 3 Packet Filters • Validates a packet based mostly on the contents of its IP header
- 4 Well-known Port Examples • Most systems (regardless of OS) have 65535 ports
- 5 Problems with Port Blocking • FTP example
- 6 Example Packet Filtering Rules • Packet filter behavior is defined by the use of rules
- 7 Stateless Filters: Pros & Cons Advantages
- 8 Stateful Filters: Pros & Cons • Advantages
- 9 Problems with Xtables • The Xtables mechanism has been in use since the 2.4 kernel • Defining both stateless and stateful firewall rules can be tedious due to the number of rules that need to be writ…
- 10 Enter nftables In 2009, the nftables project was created by Patrick McHardy to address the perceived problems of netfilter code duplication for each protocol and that of the Xtables mechanism slowing d…
- 11 nftables Architecture In order to simplify all of the Xtables commands into a generic syntax with a common API and significantly reduce the amount of duplicated code, nftables borrows the interpreter…
- 12 Basic Approach The sequence of tasks in nftables is to create a table(s), then chain(s), then rule(s) • Each command should include an address family
- 13 CLI vs. File • It is possible to enter all of the elements of the tables via the nft CLI - However, some of the options can be tricky to enter from the command line due to the shell's line interpreter