Monitor your Linux firewall with nftwatch

Netfilter tables (nftables) is the default firewall shipped with popular Linux distributions. It is available on Fedora and RHEL 8, the latest Debian, and many others. It replaces the older iptables that was bundled in earlier distro releases. It is a strong and worthy replacement for iptables, and as someone who uses it extensively, I appreciate its power and functionality.

One of the features of nftables is the ability to attach counters to many elements, such as rules. These are enabled on demand: you have to explicitly ask for one on a per-rule basis using the "counter" statement. I have them enabled for specific rules in my firewall, which gives me visibility into how often those rules match.

This got me thinking. How can I look at these counters in real time? At first I tried "watch", which allows things like a configurable refresh rate, but I did not like the default format and it was not scrollable. I found using head, tail and awk less than ideal. A user-friendly solution did not exist, so I wrote my own, which I would like to share with the open source community.

Introducing nftwatch on Linux

My solution, which I call nftwatch, does a few things:

  • It reorders and reformats the nftables output to make it more readable.
  • It allows scrolling the output up or down.
  • It has a user-defined refresh rate (which can be changed in real time).
  • It can pause the display.

Instead of a dump of a table, you get output that shows activity for each rule:

(Kenneth Aaron, CC BY-SA 4.0)
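As an added example (not the nftwatch project's own code), here is the core of what a tool like this has to do: read the libnftables JSON that `nft -j list ruleset` emits, pull the counter statement out of each rule, and compute per-rule activity between two refreshes. The two snapshots are constructed sample data in that JSON layout; on a live system you would obtain them from `nft -j list ruleset`, which needs root.

```python
import json
from typing import Dict, List, Tuple
Key = Tuple[str, str, str, int]  # (family, table, chain, rule handle)

# Constructed sample in the layout of `nft -j list ruleset` (libnftables
# JSON); the rules and counter values are made up for this example.
SNAPSHOT_1 = json.dumps({"nftables": [
    {"table": {"family": "inet", "name": "filter", "handle": 1}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4,
              "comment": "ssh",
              "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": 22}},
                       {"counter": {"packets": 1200, "bytes": 96000}},
                       {"accept": None}]}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 5,
              "comment": "drop-rest",
              "expr": [{"counter": {"packets": 37, "bytes": 2220}}, {"drop": None}]}},
    {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 6,
              "expr": [{"accept": None}]}},  # no "counter" statement: not reported
]})
# A later snapshot of the same ruleset with both counters advanced.
SNAPSHOT_2 = (SNAPSHOT_1
              .replace('"packets": 1200, "bytes": 96000', '"packets": 1250, "bytes": 100000')
              .replace('"packets": 37, "bytes": 2220', '"packets": 40, "bytes": 2400'))

def rule_counters(nft_json: str) -> Dict[Key, Dict]:
    """Return packets/bytes for every rule that carries a counter statement."""
    out: Dict[Key, Dict] = {}
    for obj in json.loads(nft_json).get("nftables", []):
        rule = obj.get("rule")
        if not rule:  # table, chain and metainfo objects carry no rule counters
            continue
        for expr in rule.get("expr", []):
            ctr = expr.get("counter")
            if isinstance(ctr, dict):
                key = (rule["family"], rule["table"], rule["chain"], rule["handle"])
                out[key] = {"packets": ctr["packets"], "bytes": ctr["bytes"],
                            "label": rule.get("comment", f"handle {rule['handle']}")}
    return out

def counter_deltas(prev: Dict[Key, Dict], curr: Dict[Key, Dict]) -> List[Dict]:
    """Per-rule growth between two snapshots, ordered by table, chain, handle. A rule
    added between refreshes counts from zero; a counter reset (`nft reset counters`)
    would go negative, so deltas are clamped at zero instead of showing garbage."""
    rows = []
    for key, c in sorted(curr.items()):
        p = prev.get(key, {"packets": 0, "bytes": 0})
        rows.append({"chain": f"{key[0]} {key[1]} {key[2]}", "label": c["label"],
                     "packets": max(0, c["packets"] - p["packets"]),
                     "bytes": max(0, c["bytes"] - p["bytes"])})
    return rows
```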

You can download it from its Git repository.

It is 100% Python, 100% open source, and 100% free. It ticks all the boxes for a free, quality program.

Install nftwatch on Linux

Here are the manual installation instructions:

  1. Clone or download the project from the Git repository.
  2. Copy nftwatch.yml to /etc/nftwatch.yml.
  3. Copy nftwatch to /usr/local/bin/nftwatch and grant it executable permissions using chmod a+x.
  4. Run nftwatch with no arguments to start it.
  5. See nftwatch -m for the man page.

You can also run nftwatch without the YAML config file, in which case it uses built-in defaults.

The nftwatch command displays nftables rules, and most of its controls are designed for that purpose.

Arrow keys and the equivalent Vim keypresses control scrolling. Use the F or S key to change the refresh speed. Use the P key to pause the display.

Run nftwatch -m for full instructions and a list of the interactive key controls.

A new view of your firewall

Firewalls can seem obtuse and opaque even after you spend time configuring them. Aside from extrapolating signals from log entries, it is hard to tell what kind of activity your firewall is actually seeing. With nftwatch, you can watch your firewall at work, and ideally gain a better understanding of the kind of traffic your network has to deal with every day.
