Difference between revisions of "Configuring tables"

From nftables wiki
Latest revision as of 23:53, 16 April 2021

Tables are the top-level containers within an nftables ruleset; they hold chains, sets, maps, flowtables, and stateful objects.

Each table belongs to exactly one family. So your ruleset requires at least one table for each family you want to filter.

Following are some basic operations and commands for configuring tables:

Adding tables

% nft add table ip filter

Show/List tables

% nft list tables

Deleting tables

% nft delete table ip foo

Troubleshooting: Since Linux kernel 3.18, you can delete a table and its contents with this command. Earlier kernels require you to flush the table's contents first, otherwise you hit an error:

% nft delete table filter
<cmdline>:1:1-19: Error: Could not delete table: Device or resource busy
delete table filter
^^^^^^^^^^^^^^^^^^^

Flushing tables

You can delete all the rules that belong to this table with the following command:

% nft flush table ip filter

This removes the rules for every chain that you register in that table.

Note: nft flush table ip filter will not flush Sets defined within that table. On Linux earlier than 4.9.0 it also errors out if the table to be flushed does not exist; flushing the whole ruleset instead avoids that error.
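The two points above (one table per family you want to filter, and flush table leaving Sets in place) are easy to verify against a live box by reading the JSON that nft -j list ruleset prints. The following script is an added example written for this page, not code from the nftables project: it assumes the libnftables JSON layout (a top-level "nftables" array of "table", "chain", "set" and "rule" objects), and the ruleset it parses is a constructed sample in that shape, not captured output.

```python
"""Audit an nftables ruleset dump: which families have a table, and what
`nft flush table <family> <name>` would remove versus keep.

Added example, not from the nftables wiki. It consumes the JSON that
`nft -j list ruleset` prints (libnftables JSON, schema version 1).
"""
import json
import subprocess
from collections import defaultdict

# Constructed sample in the shape of `nft -j list ruleset` output (not real output).
SAMPLE_RULESET = json.dumps({
    "nftables": [
        {"metainfo": {"version": "0.9.8", "release_name": "sample", "json_schema_version": 1}},
        {"table": {"family": "ip", "name": "filter", "handle": 1}},
        {"chain": {"family": "ip", "table": "filter", "name": "input", "handle": 1,
                   "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
        {"set": {"family": "ip", "name": "blocklist", "table": "filter",
                 "type": "ipv4_addr", "handle": 2, "elem": ["192.0.2.10", "192.0.2.11"]}},
        {"rule": {"family": "ip", "table": "filter", "chain": "input", "handle": 3,
                  "expr": [{"match": {"op": "==",
                                      "left": {"payload": {"protocol": "ip", "field": "saddr"}},
                                      "right": "@blocklist"}},
                           {"drop": None}]}},
        {"rule": {"family": "ip", "table": "filter", "chain": "input", "handle": 4,
                  "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}},
                                      "right": ["established", "related"]}},
                           {"accept": None}]}},
        {"table": {"family": "ip6", "name": "filter", "handle": 5}},
    ]
})


def load_ruleset(text):
    """Return the list of ruleset objects from an `nft -j list ruleset` dump."""
    return json.loads(text)["nftables"]


def dump_live_ruleset():
    """Read the running ruleset with `nft -j list ruleset` (needs nft and CAP_NET_ADMIN)."""
    out = subprocess.run(["nft", "-j", "list", "ruleset"], check=True,
                         capture_output=True, text=True).stdout
    return load_ruleset(out)


def tables_by_family(objects):
    """Map family -> sorted list of table names defined for that family."""
    fam = defaultdict(set)
    for obj in objects:
        if "table" in obj:
            fam[obj["table"]["family"]].add(obj["table"]["name"])
    return {f: sorted(names) for f, names in fam.items()}


def missing_families(objects, wanted):
    """Families in `wanted` that have no table at all, i.e. nothing is filtered there.
    Note: an `inet` table covers both ip and ip6; this check compares family names literally."""
    present = tables_by_family(objects)
    return sorted(f for f in wanted if f not in present)


def flush_table_effects(objects, family, name):
    """Predict what `nft flush table <family> <name>` removes (rules) and keeps (chains, sets)."""
    def in_table(key, obj):
        return key in obj and obj[key]["family"] == family and obj[key]["table"] == name

    if not any("table" in o and o["table"]["family"] == family and o["table"]["name"] == name
               for o in objects):
        # Old kernels (< 4.9.0) report an error for this case; `nft flush ruleset` does not.
        raise LookupError(f"table {family} {name} does not exist")
    rules_removed = sorted(o["rule"]["handle"] for o in objects if in_table("rule", o))
    chains_kept = sorted(o["chain"]["name"] for o in objects if in_table("chain", o))
    # Sets survive a table flush, elements included.
    sets_kept = {o["set"]["name"]: len(o["set"].get("elem", []))
                 for o in objects if in_table("set", o)}
    return {"rules_removed": rules_removed, "chains_kept": chains_kept, "sets_kept": sets_kept}


if __name__ == "__main__":
    try:
        objs = dump_live_ruleset()
    except (OSError, subprocess.CalledProcessError):
        objs = load_ruleset(SAMPLE_RULESET)  # fall back to the constructed sample
    print("tables per family:", tables_by_family(objs))
    print("families without a table:", missing_families(objs, ["ip", "ip6", "inet"]))
    print("flush table ip filter would:", flush_table_effects(objs, "ip", "filter"))
```

Run it as root on a host with nft to audit the live ruleset; without nft it reports on the embedded sample, where flushing ip filter drops the two rules but keeps the input chain and the blocklist set with both elements, which is exactly the case the note describes.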

See also

More valuable information:

* Configuring chains
* Operations at ruleset level