Client Area
cPanel HostingDirectAdmin HostingWebuzo HostingWindows HostingReseller HostingApp PlatformNewCompare All Plans →
VPS HostingPopularLXC ContainersCloud ServersBare MetalServer ManagementDevOps ServicesCompare All Servers →
Domain RegistrationDomain Transfer.IN RegistrarBharat DomainsDomain PricingSearch Domains →
Website DevelopmentWeb ApplicationsSaaS DevelopmentMobile AppsE-CommerceAPI DevelopmentSEO ServicesDigital MarketingView All Services →
All SolutionsWebsite BuilderProfessional EmailE-CommerceDevelopersEnterpriseBrand Protection
Support CenterSubmit a TicketTrack TicketKnowledge BaseFAQ
About UsContact UsAffiliate ProgramBlog
Free ConsultationClient Area
Firewall & Security HardeningIntermediate

Modern Firewall Management with nftables on RHEL-Based Systems (AlmaLinux, CentOS, Rocky Linux)

4 min readPublished 4 Mar 2026Updated 14 Apr 20262,432 views

In this article

  • 1Introduction
  • 21 What is nftables
  • 3Key Features:
  • 42 Why RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux Uses nftables
  • 53 Basic nftables Commands

Introduction

RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux marks a significant evolution in Linux firewall management by adopting nftables as its default packet filtering framework. This article provides an in-depth look at nftables on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux--explaining its architecture, benefits over legacy systems, basic command usage, and best practices for configuration and management.

1 What is nftables

nftables is a modern packet filtering framework introduced to replace the older iptables-legacy system. It simplifies rule management and improves performance while offering enhanced flexibility through sets, maps, and stateful filtering.

Key Features:

Simplified Syntax

  • Uses a more streamlined language for defining firewall rules, reducing complexity in large rule sets.

Efficient Rule Handling

  • Processes rules more efficiently, particularly for complex filtering requirements or high packet rates.

Enhanced Flexibility

  • Supports sets and maps, allowing administrators to group IP addresses, ports, or protocols together for easier management.

Stateful Filtering

  • Natively supports connection tracking, enabling dynamic and intelligent packet filtering.

2 Why RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux Uses nftables

RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux has moved away from iptables-legacy in favor of nftables for several reasons:

Performance Improvements

  • Handles high volumes of traffic more efficiently.

Modern Architecture

  • Reduces redundancy and complexity, making rule management and debugging easier.

Future-Proofing

  • With widespread adoption across Linux distributions, nftables is the sustainable solution for evolving security needs.

Unlike some distributions where you can switch between iptables-legacy and nftables, RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux uses nftables by default with an iptables-nft compatibility layer, meaning traditional iptables commands are automatically translated into nftables rules.

3 Basic nftables Commands

Viewing the Entire Ruleset

nft list ruleset

This displays all tables and chains currently loaded into nftables.

Adding a New Rule

nft add rule ip filter INPUT ip saddr 192.168.1.0/24 accept

This rule allows traffic from 192.168.1.0/24 in the INPUT chain of the ip filter table.

Deleting a Rule

nft delete rule ip filter INPUT handle <rule_handle>

Find the rule handle from the output of nft list ruleset before deleting.

Save and Restore Rules

Save your configuration:

nft list ruleset > /etc/nftables.conf

Restore your ruleset after a reboot:

nft -f /etc/nftables.conf

4 Configuring Persistence

To ensure that nftables rules persist after a reboot:

Enable the Service:

systemctl enable nftables

Start the Service:

systemctl start nftables

The nftables service will automatically load /etc/nftables.conf during system startup.

5 Best Practices for Managing nftables on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux

Use Configuration Files

  • Always manage firewall rules via configuration files, avoiding direct kernel changes where possible.

Backup Your Configuration

  • Before making changes, backup your ruleset:

cp /etc/nftables.conf /etc/nftables.conf.bak

Test Rules in a Controlled Environment

  • Apply new rules on a test server or during a maintenance window to prevent disruptions.

Leverage Sets and Maps

  • Use nftables' powerful grouping features for easier management of large or dynamic IP lists.

Regularly Review Active Rules

nft list ruleset

  • Periodically review active rules to ensure they align with security policies.

6 Conclusion

nftables on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux provides a modern, efficient, and flexible approach to firewall management. By moving away from iptables-legacy, RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux simplifies firewall rule handling while improving performance and scalability.

Key Takeaways:

nftables is faster and more efficient than iptables-legacy. RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux automatically translates iptables commands into nftables rules. Use configuration files and best practices to ensure persistence and security. Regularly review rulesets to maintain a secure firewall configuration.

By understanding and utilizing nftables, administrators can effectively manage firewalls on RHEL-based distributions like AlmaLinux, CentOS, and Rocky Linux, taking full advantage of its enhanced security and performance capabilities.

Was this article helpful?

Your feedback helps us improve our documentation

Still need help? Submit a support ticket

Related Articles

I can't reach my server. Have I been blocked88055
how you can identify if CSF has blacklisted your IP and how to fix it - VPS4408
CSF Blocklist and Multiple Login Failures: How Clients Can Protect Themselves3046
How to Diagnose and Resolve CSF IP Blocks: A Step-by-Step Guide2678
Mitigating DDoS Attacks Using CSF: A Comprehensive Guide2565

Still need help?

Our support team can assist you directly.

Submit Ticket
Need Help?
New TicketTrack TicketKnowledge BaseContact UsWhatsApp