🔥 Modern Firewall Management with nftables on RHEL-Based Systems (AlmaLinux, CentOS, Rocky Linux)


🚀 Introduction

Starting with RHEL 8, RHEL-based distributions such as AlmaLinux, CentOS, and Rocky Linux use nftables as their packet filtering framework, replacing the legacy iptables stack. This article provides an in-depth look at nftables on these distributions: its architecture, its benefits over iptables-legacy, basic command usage, and best practices for configuration and management.


๐Ÿ“Œ 1๏ธโƒฃ What is nftables?

nftables is a modern packet filtering framework introduced to replace the older iptables-legacy system. It simplifies rule management and improves performance while offering enhanced flexibility through sets, maps, and stateful filtering.

๐Ÿ”น Key Features:

โœ… Simplified Syntax

  • Uses a more streamlined language for defining firewall rules, reducing complexity in large rule sets.

โœ… Efficient Rule Handling

  • Processes rules more efficiently, particularly for complex filtering requirements or high packet rates.

โœ… Enhanced Flexibility

  • Supports sets and maps, allowing administrators to group IP addresses, ports, or protocols together for easier management.

โœ… Stateful Filtering

  • Natively supports connection tracking, enabling dynamic and intelligent packet filtering.
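The following is an added example, not code from the original article: a complete ruleset that exercises the three features above (a named set, a verdict map and connection-tracking state), wrapped in a shell script that writes it to a file and can syntax-check it without loading it. The table, set and map names (inet filter, admin_hosts, svc_ports), the address ranges and the ports are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): emit a complete nftables
# ruleset that uses a named set, a verdict map and ct state, write it to a
# file, and optionally syntax-check it with `nft -c` (check only, not loaded).
set -eu

# Print the ruleset. Table/set/map names, addresses and ports are assumptions
# chosen for illustration; adjust them to the host being protected.
emit_ruleset() {
    cat <<'EOF'
#!/usr/sbin/nft -f
# Start from an empty ruleset so that reloading this file is idempotent.
flush ruleset

table inet filter {
    # Named set of hosts allowed to reach SSH. Elements can be changed at
    # runtime without reloading: nft add element inet filter admin_hosts { 203.0.113.10 }
    set admin_hosts {
        type ipv4_addr
        flags interval
        elements = { 192.168.1.0/24, 203.0.113.10 }
    }

    # Verdict map: destination port -> verdict, one lookup instead of one rule per port.
    map svc_ports {
        type inet_service : verdict
        elements = { 80 : accept, 443 : accept, 8080 : drop }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Stateful filtering: replies to our own connections come back in,
        # packets that belong to no tracked connection are dropped.
        ct state invalid drop
        ct state established,related accept

        iif lo accept
        meta l4proto { icmp, icmpv6 } accept

        # New SSH connections only from the admin set, rate limited.
        tcp dport 22 ip saddr @admin_hosts ct state new limit rate 10/minute accept

        # Public services through the verdict map.
        tcp dport vmap @svc_ports

        # Count and log what falls through before the chain policy drops it.
        limit rate 5/minute counter log prefix "nft-input-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Write the ruleset to the path given as $1 with owner-only permissions.
write_ruleset() {
    emit_ruleset > "$1"
    chmod 0600 "$1"
}

# Syntax-check a ruleset file without loading it. Needs the nft binary and,
# on most kernels, root, because nft consults the live ruleset while checking.
check_ruleset() {
    nft -c -f "$1"
}

# On a RHEL-based host, as root:
#   write_ruleset /etc/sysconfig/nftables.conf
#   check_ruleset /etc/sysconfig/nftables.conf && nft -f /etc/sysconfig/nftables.conf
```

Because the file begins with flush ruleset and is loaded in one nft -f transaction, the kernel either applies the whole policy or none of it; there is no window in which the input chain exists with policy drop but without the accept rules.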


๐Ÿ† 2๏ธโƒฃ Why RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux Uses nftables

RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux has moved away from iptables-legacy in favor of nftables for several reasons:

๐Ÿ”น Performance Improvements

  • Handles high volumes of traffic more efficiently.

๐Ÿ”น Modern Architecture

  • Reduces redundancy and complexity, making rule management and debugging easier.

๐Ÿ”น Future-Proofing

  • With widespread adoption across Linux distributions, nftables is the sustainable solution for evolving security needs.

Unlike some distributions where you can switch between iptables-legacy and nftables, RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux uses nftables by default with an iptables-nft compatibility layer, meaning traditional iptables commands are automatically translated into nftables rules.


๐Ÿ› ๏ธ 3๏ธโƒฃ Basic nftables Commands

๐Ÿ”Ž Viewing the Entire Ruleset

nft list ruleset

๐Ÿ“Œ This displays all tables and chains currently loaded into nftables.

โž• Adding a New Rule

nft add rule ip filter INPUT ip saddr 192.168.1.0/24 accept

๐Ÿ“Œ This rule allows traffic from 192.168.1.0/24 in the INPUT chain of the ip filter table.

โŒ Deleting a Rule

nft delete rule ip filter INPUT handle <rule_handle>

๐Ÿ“Œ Find the rule handle from the output of nft list ruleset before deleting.

๐Ÿ’พ Save and Restore Rules

โœ… Save your configuration:

nft list ruleset > /etc/nftables.conf

โœ… Restore your ruleset after a reboot:

nft -f /etc/nftables.conf

โš™๏ธ 4๏ธโƒฃ Configuring Persistence

To ensure that nftables rules persist after a reboot:

โœ… Enable the Service:

systemctl enable nftables

โœ… Start the Service:

systemctl start nftables

๐Ÿ“Œ The nftables service will automatically load /etc/nftables.conf during system startup.
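Added example covering the handle lookup in section 3 and the save and persistence steps of sections 3 and 4 (not code from the original article): a helper that finds a rule's handle in nft -a list ruleset output, a deletion wrapper that uses it, and a save routine that writes /etc/sysconfig/nftables.conf with flush ruleset prepended, a backup copy and an atomic rename. The listing the parser is exercised on is constructed, not captured from a real host; the table and chain names follow the article's ip filter / INPUT example.

```shell
#!/bin/bash
# Added example (not from the original article): find rule handles in
# `nft -a list ruleset` output, delete by handle, and save the live ruleset
# in a form that nftables.service can reload without duplicating rules.
set -eu

# Constructed sample of `nft -a list ruleset` output (not captured from a real
# host). Every object carries a trailing "# handle N" comment.
SAMPLE_LISTING='table ip filter { # handle 1
        chain INPUT { # handle 1
                type filter hook input priority 0; policy drop;
                ct state established,related accept # handle 3
                ip saddr 192.168.1.0/24 accept # handle 4
                tcp dport 22 accept # handle 5
        }
        chain OUTPUT { # handle 2
                type filter hook output priority 0; policy accept;
                ip daddr 192.168.1.0/24 accept # handle 6
        }
}'

# rule_handle FAMILY TABLE CHAIN REGEX   (listing on stdin)
# Prints the handle of the first rule in that chain whose text matches the
# awk regex; exits 1 when nothing matches, so callers never delete handle "".
rule_handle() {
    awk -v fam="$1" -v tbl="$2" -v ch="$3" -v pat="$4" '
        $1 == "table" && $2 == fam && $3 == tbl { in_table = 1; next }
        $1 == "table"                           { in_table = 0; next }
        in_table && $1 == "chain"               { in_chain = ($2 == ch); next }
        $1 == "}"                               { in_chain = 0; next }
        in_table && in_chain && $0 ~ pat && match($0, /# handle [0-9]+$/) {
            print substr($0, RSTART + 9)        # skip the 9 characters of "# handle "
            found = 1
            exit
        }
        END { if (found) exit 0; exit 1 }
    '
}

# delete_rule FAMILY TABLE CHAIN REGEX   (needs root). The handle is looked up
# immediately before use because handles change whenever the ruleset is reloaded.
delete_rule() {
    h="$(nft -a list ruleset | rule_handle "$@")"
    nft delete rule "$1" "$2" "$3" handle "$h"
}

# save_ruleset [DEST]   (ruleset text on stdin, e.g. from `nft list ruleset`)
# A raw dump has no leading "flush ruleset", so loading it twice would add a
# second copy of every rule. Prepend it, keep a backup, and write atomically.
save_ruleset() {
    dest="${1:-/etc/sysconfig/nftables.conf}"   # path read by nftables.service on RHEL
    tmp="$(mktemp "${dest}.XXXXXX")"
    {
        echo '#!/usr/sbin/nft -f'
        echo 'flush ruleset'
        cat
    } > "$tmp"
    chmod 0600 "$tmp"
    if [ -f "$dest" ]; then
        cp -p "$dest" "${dest}.bak"
    fi
    mv "$tmp" "$dest"
}

# Typical use on a RHEL-based host, as root:
#   delete_rule ip filter INPUT 'tcp dport 22 accept'
#   nft list ruleset | save_ruleset          # then: systemctl enable --now nftables
```

The regex passed to rule_handle is matched against the whole rule line, so an imprecise pattern such as accept returns the first accepting rule in the chain; when scripting deletions, quote the full rule text as nft prints it.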


๐Ÿ—๏ธ 5๏ธโƒฃ Best Practices for Managing nftables on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux

โœ… Use Configuration Files

  • Always manage firewall rules via configuration files, avoiding direct kernel changes where possible.

๐Ÿ”„ Backup Your Configuration

  • Before making changes, backup your ruleset:

cp /etc/nftables.conf /etc/nftables.conf.bak

๐Ÿ›  Test Rules in a Controlled Environment

  • Apply new rules on a test server or during a maintenance window to prevent disruptions.

๐Ÿ“Š Leverage Sets and Maps

  • Use nftables' powerful grouping features for easier management of large or dynamic IP lists.

๐Ÿ“ˆ Regularly Review Active Rules

nft list ruleset
  • Periodically review active rules to ensure they align with security policies.


๐ŸŽฏ 6๏ธโƒฃ Conclusion

nftables on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux provides a modern, efficient, and flexible approach to firewall management. By moving away from iptables-legacy, RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux simplifies firewall rule handling while improving performance and scalability.

๐Ÿš€ Key Takeaways:

โœ”๏ธ nftables is faster and more efficient than iptables-legacy. โœ”๏ธ RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux automatically translates iptables commands into nftables rules. โœ”๏ธ Use configuration files and best practices to ensure persistence and security. โœ”๏ธ Regularly review rulesets to maintain a secure firewall configuration.

By understanding and utilizing nftables, administrators can effectively manage firewalls on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux, taking full advantage of its enhanced security and performance capabilities. ๐Ÿ”ฅ๐Ÿ”’

