nftables Pocket Reference

by Alan Bradley

nftables is the unified packet classification framework for Linux — one coherent subsystem and one userspace tool (nft) replacing iptables, ip6tables, arptables, and ebtables. This pocket reference treats it as the production-grade firewall it is: the table/chain/rule hierarchy, match expressions, sets and maps, stateful objects, flowtables, ruleset management, and the iptables migration path. Includes a chapter on operational gotchas and a quick reference for the syntax that's hardest to keep in your head.

Table of Contents

  1. Introduction & Architecture
  2. nft Command Reference
  3. Ruleset Files, Variables & Includes
  4. Tables
  5. Chains
  6. Rules
  7. Match Expressions
  8. Verdict & Action Statements
  9. Sets
  10. Maps & Verdict Maps
  11. Stateful Objects
  12. Flowtables
  13. Ruleset Management
  14. iptables Migration
  15. Operational Gotchas
  16. Troubleshooting & Debugging
  17. Performance & Rule Ordering
  18. Common Recipes
  19. Quick Reference