Profile Applicability:
• Level 1
Description:
nftables is a modern packet filtering framework that replaces the legacy iptables. Installing nftables enables advanced firewall capabilities and better performance for network traffic management.
Rationale:
Having nftables installed allows administrators to implement more efficient and flexible firewall rules, improving overall network security.
Impact:
Pros:
Provides modern firewall management capabilities.
Supports dynamic rule changes with improved syntax.
Cons:
Installation alone does not configure firewall rules; proper setup is required.
Default Value:
nftables may not be installed by default depending on the Linux distribution.
Pre-requisites:
Root or sudo privileges to install packages.
Remediation:
Test Plan:
Using Linux command line:
Check if nftables is installed:
RPM-based systems:
rpm -q nftables
Confirm package presence.
Implementation Plan:
Using Linux command line:
Install nftables if missing:
RPM-based:
yum install nftables -y
Verify installation:
nft --version
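The test plan and implementation plan above, combined into one scripted audit-and-remediate helper. This is an added example, not text from the CIS benchmark or the nftables project; the version string used in the comments is a constructed sample, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: script the "Ensure nftables is installed" check so it
# yields a PASS/FAIL verdict and a non-zero exit status for CI or
# configuration-management use. RPM-based systems only (rpm/yum).

# classify_rpm_query OUTPUT
#   Classifies the text printed by `rpm -q nftables`.
#   Installed example (constructed): "nftables-0.8.4-1.amzn2.x86_64"
#   Missing example:                 "package nftables is not installed"
#   Prints PASS or FAIL; returns 0 for PASS, 1 for FAIL.
classify_rpm_query() {
    case "$1" in
        "package nftables is not installed"*) echo FAIL; return 1 ;;
        nftables-[0-9]*)                      echo PASS; return 0 ;;
        *)                                    echo FAIL; return 1 ;;
    esac
}

# audit_nftables: live check on the host (Test Plan step).
audit_nftables() {
    out=$(rpm -q nftables 2>&1)
    classify_rpm_query "$out"
}

# remediate_nftables: install only when the audit fails, then verify
# the binary works (Implementation Plan steps). Needs root/sudo.
remediate_nftables() {
    if audit_nftables >/dev/null; then
        echo "nftables already installed; nothing to do"
    else
        yum install nftables -y || return 1
    fi
    # Verification: nft must run and print its version.
    nft --version
}

# Invoke with --audit or --remediate; sourcing the file defines only functions.
case "${1:-}" in
    --audit)     audit_nftables ;;
    --remediate) remediate_nftables ;;
esac
```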
Backout Plan:
Using Linux command line:
Remove nftables if needed:
RPM-based:
yum remove nftables -y
Confirm removal.
References:
CIS Amazon Linux 2 Benchmark v3.0.0
nftables Documentation