From 41e691a12b8aea74945595b09092eb3e2bd60f72 Mon Sep 17 00:00:00 2001 From: Rowan Freeman Date: Sat, 3 Feb 2018 21:30:37 +1100 Subject: [PATCH] nft: add page (#1932) --- pages/linux/nft.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 pages/linux/nft.md diff --git a/pages/linux/nft.md b/pages/linux/nft.md new file mode 100644 index 0000000000..329cd5d310 --- /dev/null +++ b/pages/linux/nft.md @@ -0,0 +1,32 @@ +# nft + +> Allows configuration of tables, chains and rules provided by the Linux kernel firewall. +> Nftables replaces iptables. + +- View current configuration: + +`sudo nft list ruleset` + +- Add a new table with family "inet" and table "filter": + +`sudo nft add table {{inet}} {{filter}}` + +- Add a new chain to accept all inbound traffic: + +`sudo nft add chain {{inet}} {{filter}} {{input}} \{ type {{filter}} hook {{input}} priority {{0}} \; policy {{accept}} \}` + +- Add a new rule to accept several TCP ports: + +`sudo nft add rule {{inet}} {{filter}} {{input}} {{tcp}} {{dport \{ telnet, ssh, http, https \} accept}}` + +- Show rule handles: + +`sudo nft --handle --numeric list chain {{family}} {{table}} {{chain}}` + +- Delete a rule: + +`sudo nft delete rule {{inet}} {{filter}} {{input}} handle {{3}}` + +- Save current configuration: + +`sudo nft list ruleset > {{/etc/nftables.conf}}`
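Review bot: the chain example (`add chain inet filter input { type filter hook input priority 0 ; policy accept }`) sets the chain's default policy to accept, so the following rule `tcp dport { telnet, ssh, http, https } accept` changes nothing; the chain already accepts everything. Either make the chain example `policy drop` (the usual shape for an input chain that then whitelists ports) or reword the rule description so readers do not take the pair as a working allow-list. Related: the "Save current configuration" example, `nft list ruleset > /etc/nftables.conf`, produces a dump without a leading `flush ruleset`, so reloading that file with `nft -f` onto a live ruleset appends the rules a second time rather than restoring the saved state; worth a `flush ruleset` in the description or as the first line of the file. Minor style points: the "Show rule handles" example uses the generic placeholders `{{family}} {{table}} {{chain}}` while every other example uses `{{inet}} {{filter}} {{input}}`, and the rule example wraps the whole match-and-verdict (`{{dport \{ telnet, ssh, http, https \} accept}}`) in one placeholder, which hides that `accept` is the verdict rather than part of the port set.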