nftables is the modern replacement for iptables, providing a unified interface for firewall rules with improved performance and syntax.


sudo apt install nftables
sudo nft list ruleset

Configuration: Define your rules in /etc/nftables.conf and enable the service to load them automatically.


sudo tee /etc/nftables.conf << 'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport 22 accept
    }
}
EOF
sudo systemctl enable nftables