{"description": "<tt>If firewalld or iptables are being used in your environment, please follow the guidance in their\nrespective section and pass over the guidance in this section.</tt>\n<br /><br />\nnftables is a subsystem of the Linux kernel providing filtering and classification of network\npackets/datagrams/frames and is the successor to iptables. The biggest change with the\nsuccessor nftables is its simplicity. With iptables, every single rule has to be configured\nusing a syntax that resembles ordinary command-line options. With nftables, the simpler\nsyntax, much like BPF (Berkeley Packet Filter), means shorter lines and less repetition.\nSupport for nftables should also be compiled into the kernel, together with the related\nnftables modules.\n<br /><br />\nIt is available in Linux kernels >= 3.13. <b>Please ensure that your kernel\nsupports nftables before choosing this option.</b>", "warnings": [], "requires": [], "conflicts": [], "values": ["var_nftables_base_chain_hooks", "var_nftables_base_chain_names", "var_nftables_base_chain_policies", "var_nftables_base_chain_priorities", "var_nftables_base_chain_types", "var_nftables_family", "var_nftables_master_config_file", "var_nftables_table"], "groups": {}, "rules": ["directory_groupowner_etc_nftables", "directory_owner_etc_nftables", "directory_permissions_etc_nftables", "nftables_ensure_default_deny_policy", "nftables_rules_permanent", "package_nftables_installed", "package_nftables_removed", "service_nftables_disabled", "service_nftables_enabled", "set_nftables_base_chain", "set_nftables_loopback_traffic", "set_nftables_new_connections", "set_nftables_table"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "nftables", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/network/network-nftables/group.yml"}