Docs / Networking / Configuring nftables as iptables Replacement

Configuring nftables as iptables Replacement

By Admin · Feb 5, 2026 · Updated Apr 23, 2026 · 4 views · 3 min read

Configuring nftables as iptables Replacement is a common requirement for VPS administrators. This guide provides practical instructions that you can follow on Ubuntu 22.04/24.04 or Debian 12, though most steps apply to other distributions as well.

Prerequisites

  • Access to server network configuration
  • Understanding of TCP/IP fundamentals
  • Root or sudo access to the server

Network Configuration

The nftables configuration requires careful attention to resource limits and security settings. On a VPS with limited resources, it's important to tune these parameters according to your available RAM and CPU cores.


# Network configuration and testing
ip addr show                   # View interfaces
ip route show                  # View routing table
ss -tlnp                       # View listening ports

# Firewall rules
sudo iptables -L -n -v         # List current rules
sudo ufw status verbose        # UFW status

These commands should be run as root or with sudo privileges. If you're using a non-root user, prefix each command with sudo.

  • Maintain runbooks for common operations
  • Use version control for configuration files
  • Test disaster recovery procedures regularly
  • Document all configuration changes
  • Set up monitoring before going to production

Firewall Rules Setup

The nftables configuration requires careful attention to resource limits and security settings. On a VPS with limited resources, it's important to tune these parameters according to your available RAM and CPU cores.


# Configure network interface
sudo nano /etc/netplan/01-netcfg.yaml

network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 192.168.1.10/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 1.1.1.1

sudo netplan apply

Note that file paths may vary depending on your Linux distribution. The examples here are for Debian/Ubuntu; adjust paths accordingly for RHEL/CentOS-based systems.

Testing Connectivity

When scaling this setup, consider vertical scaling (adding more RAM/CPU) first, as it's simpler to implement. Horizontal scaling adds complexity but may be necessary for high-traffic applications.


# Network configuration and testing
ip addr show                   # View interfaces
ip route show                  # View routing table
ss -tlnp                       # View listening ports

# Firewall rules
sudo iptables -L -n -v         # List current rules
sudo ufw status verbose        # UFW status

Each line in the configuration serves a specific purpose. The comments explain the reasoning behind each setting, making it easier to customize for your specific use case.

Configuration Options

If you encounter issues during setup, check the system logs first. Most problems can be diagnosed by examining the output of journalctl or the application-specific log files in /var/log/.

  • Test your backup restore procedure monthly
  • Monitor disk space usage and set up alerts
  • Review log files weekly for anomalies

Next Steps

With nftables now set up and running, consider implementing monitoring to track performance metrics over time. Regularly review your configuration as your workload changes and scale resources accordingly.

Was this article helpful?

Related Articles