Someone told me that even if an nmap scan reports that all ports are closed it does not guarantee that nftables is actually protecting the system. It just means that there are no services listening on any ports.
Which command will confirm that nftables is actually active & protecting my installation?
I am using the firewalld to manage nftables. Arch Wiki says this:
One graphical front-end that supports both, nftables and iptables, is firewalld.[3]
ufw & firewalld are basically created for the same purpose which is to help the user to configure iptables or nftables in an easy way. Neither ufw nor firewalld are firewalls by themselves. They are called “helpers”. The actual job of protecting the system is done by iptables/nftables. Nftables is the new kid & most modern distros have started replacing iptables with nftables.
$ sudo nftables status
[sudo] password for home:
sudo: nftables: command not found
Really? I’ve just run “man nft” twice and got “no manual entry for nft”. That is very strange. I’m not doubting your evidence, I just wonder what the heck is happening here! Usually I’ve found my man pages to be working just fine. It’s very weird.
ufw is just a front-end for iptables. You must have either iptables or something that provides it like iptables-nft installed to use it.
Also, iptables is deprecated at this point so for most people it makes sense to switch to iptables-nft if you still have software that needs an iptables interface.
Repository : community
Name : ufw
Version : 0.36-5
Description : Uncomplicated and easy to use CLI tool for managing a netfilter firewall
Architecture : any
URL : https://launchpad.net/ufw
Licenses : GPL3
Groups : None
Provides : None
Depends On : iptables python
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 182.36 KiB
Installed Size : 792.12 KiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Wed 11 Nov 2020 05:03:00 AM CST
Validated By : MD5 Sum SHA-256 Sum Signature
Both nftables and iptables provide firewall support in the kernel and some userspace utilities to manage them. If you haven’t configured one of them, they aren’t protecting anything.
While you can configure them manually, the rules to do so are a bit complicated so it is usually easier to use a frontend like firewalld that does that for you.
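An added example, not posted by anyone in this thread: the userspace tool is `nft`, and `nft list ruleset` prints what the kernel has loaded. The script below classifies that output to separate "nothing loaded" from "an input-hook chain that denies traffic". The sample rulesets are constructed, the category names are made up for this example, and the check is a heuristic that does not follow jumps into other chains.

```shell
#!/bin/sh
# Classify `nft list ruleset` output read on stdin. Real use (needs root):
#   nft list ruleset | classify_ruleset
# Prints: empty | no-input-hook | input-hook-open | input-hook-filtering
classify_ruleset() {
    awk '
        $1 == "table" { tables++ }
        # A base chain attaches to a netfilter hook on its "type ..." line.
        /type filter hook input/ {
            in_input = 1; hooks++
            if (index($0, "policy drop;")) blocking = 1
            next
        }
        in_input && $1 == "}" { in_input = 0 }
        # An unconditional drop/reject rule denies the rest under policy accept.
        in_input && ($1 == "drop" || $1 == "reject") { blocking = 1 }
        END {
            if (!tables) print "empty"
            else if (!hooks) print "no-input-hook"
            else if (blocking) print "input-hook-filtering"
            else print "input-hook-open"
        }'
}

# Constructed sample (not from a real host): input chain ending in a reject.
sample_configured() {
    cat <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
        reject with icmpx admin-prohibited
    }
}
EOF
}

# Constructed sample: a table exists, but its chain has no hook, so the
# kernel never sends packets through it.
sample_unhooked() {
    printf 'table inet filter {\n    chain input {\n        drop\n    }\n}\n'
}

for s in sample_configured sample_unhooked; do
    printf '%s: %s\n' "$s" "$("$s" | classify_ruleset)"
done
```

A result of `empty` or `no-input-hook` matches the case described above where nothing has been configured, so a clean nmap scan would only reflect the absence of listening services.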