bashLINUXnftfirewallrules
bash
sudo nft list rulesetDisplay the active nftables ruleset.
Linux Networking: Firewalls, NAT, and Netfilter
nftables, iptables, ufw, firewalld, conntrack, and packet flow debugging commands.
Export
Copy the compact sheet, download it, or print it.
Download
`D` dense toggle · `C` copy all
Firewalling with nftables and iptables
Inspect and manage packet filtering and NAT.
bashLINUXnftfirewalltable
bash
sudo nft add table inet filterCreate an inet filter table.
bashLINUXnftfirewallchain
bash
sudo nft 'add chain inet filter input { type filter hook input priority 0; policy drop; }'Create an input chain with a default policy.
bashLINUXnftsshallow
bash
sudo nft add rule inet filter input tcp dport 22 ct state new,established acceptPermit inbound SSH traffic.
bashLINUXiptablesfirewalllist
bash
sudo iptables -L -n -vShow IPv4 filter rules with counters.
bashLINUXiptablesbackuprules
bash
sudo iptables-saveDump current iptables rules in restore format.
bashLINUXiptablessshallow
bash
sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPTInsert a rule allowing inbound SSH.
bashLINUXiptablesblocksource-ip
bash
sudo iptables -A INPUT -s 203.0.113.25 -j DROPBlock all inbound traffic from a source IP.
bashLINUXiptablesnatmasquerade
bash
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEApply source NAT for outbound traffic.
bashLINUXufwfirewallstatus
bash
sudo ufw status verboseInspect uncomplicated firewall status and rules.
bashLINUXufwallowport
bash
sudo ufw allow 443/tcpAllow inbound TCP on a specific port.
bashLINUXfirewalldzonesstatus
bash
sudo firewall-cmd --list-allShow active firewalld zones and services.
bashLINUXfirewalldserviceallow
bash
sudo firewall-cmd --permanent --add-service=https && sudo firewall-cmd --reloadPermanently allow the HTTPS service.
Netfilter and Policy Debugging
Inspect conntrack, counters, and common packet flow issues.
bashLINUXconntrackstateconnections
bash
sudo conntrack -LInspect conntrack table entries.
bashLINUXconntrackdeletestate
bash
sudo conntrack -D -p tcp --orig-src 10.0.0.10 --orig-dst 10.0.0.20Remove conntrack state for a given flow.
bashLINUXiptablescountersdebug
bash
sudo iptables -ZZero rule counters before testing packet paths.
bashLINUXnfttracedebug
bash
sudo nft monitor traceMonitor nftables trace events for debugging.
bashLINUXsysctlroutingforwarding
bash
sysctl net.ipv4.ip_forwardInspect whether packet forwarding is enabled.
bashLINUXsysctlroutingforwarding
bash
sudo sysctl -w net.ipv4.ip_forward=1Turn on IPv4 forwarding immediately.
More in Linux Networking
Linux Networking: Troubleshooting and Diagnostics
Reachability, latency, DNS, proxy, logs, and real-time diagnostics for Linux network incidents.
Linux Networking: DNS, HTTP, and TLS Testing
DNS troubleshooting, resolver inspection, HTTP probing, and TLS certificate testing from Linux.
Linux Networking: Routing, VLANs, Bridges, and Tunnels
Linux routing tables, policy routing, bridges, VLANs, bonds, and tunnel configuration commands.
Linux Networking Cheat Sheet
Comprehensive Linux networking commands for interfaces, sockets, packet capture, and throughput testing.