Configure Firewall on Arch Linux

Configure nftables on Arch Linux

Arch Linux uses nftables as the default netfilter framework.

Step 1 – Install and enable

pacman -S --noconfirm nftables
systemctl enable --now nftables

Step 2 – Edit /etc/nftables.conf

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Allow loopback
        iif lo accept

        # Allow established/related
        ct state established,related accept

        # Allow ICMP
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Allow SSH
        tcp dport 22 accept

        # Allow HTTP/HTTPS
        tcp dport { 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

Step 3 – Apply and persist

nft -f /etc/nftables.conf
systemctl reload nftables

Step 4 – List current rules

nft list ruleset
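As an added example (not part of the original page), a small Python audit that reads the JSON form of the Step 4 output, `nft -j list ruleset`, and checks it against the intent of the Step 2 config: input and forward chains must have policy drop, and the only TCP ports accepted on input must be 22, 80 and 443. The embedded sample JSON is constructed and abridged (ICMP rules, handles and the metainfo object omitted); on a real host you would feed it the actual `nft -j list ruleset` output.

```python
import json

# Helpers that build constructed objects in the shape nft -j emits.
def _accept(match):
    return {"rule": {"family": "inet", "table": "filter", "chain": "input",
                     "expr": [{"match": match}, {"accept": None}]}}

def _chain(name, policy):
    return {"chain": {"family": "inet", "table": "filter", "name": name,
                      "type": "filter", "hook": name, "prio": 0, "policy": policy}}

# Constructed, abridged sample of `nft -j list ruleset` for the config above.
SAMPLE = json.dumps({"nftables": [
    {"table": {"family": "inet", "name": "filter"}},
    _chain("input", "drop"),
    _accept({"op": "==", "left": {"meta": {"key": "iif"}}, "right": "lo"}),
    _accept({"op": "in", "left": {"ct": {"key": "state"}}, "right": ["established", "related"]}),
    _accept({"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}),
    _accept({"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}},
             "right": {"set": [80, 443]}}),
    _chain("forward", "drop"),
    _chain("output", "accept"),
]})

def audit_ruleset(nft_json, expected_ports=frozenset({22, 80, 443})):
    """Return a list of findings; an empty list means the ruleset matches the intended policy."""
    objs = json.loads(nft_json)["nftables"]
    findings = []
    # Chain policies, keyed by hook, so a silently changed base policy is caught.
    policies = {c["chain"]["hook"]: c["chain"]["policy"] for c in objs if "chain" in c}
    for hook in ("input", "forward"):
        if policies.get(hook) != "drop":
            findings.append(f"{hook} chain policy is {policies.get(hook)!r}, expected 'drop'")
    # Collect every destination port that an input-chain rule accepts (single values and sets).
    open_ports = set()
    for obj in objs:
        rule = obj.get("rule")
        if not rule or rule["chain"] != "input" or {"accept": None} not in rule["expr"]:
            continue
        for expr in rule["expr"]:
            m = expr.get("match", {})
            if m.get("left", {}).get("payload", {}).get("field") == "dport":
                right = m["right"]
                open_ports.update(right["set"] if isinstance(right, dict) else [right])
    if open_ports - expected_ports:
        findings.append(f"unexpected accepted ports: {sorted(open_ports - expected_ports)}")
    if expected_ports - open_ports:
        findings.append(f"expected ports not accepted: {sorted(expected_ports - open_ports)}")
    return findings
```

Running `audit_ruleset(SAMPLE)` on the sample returns no findings; changing a chain policy or an accepted port in the JSON produces a finding naming the deviation.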