nftables (nft) Cheat Sheet 2026 — Quick CLI Command Reference

nftables (nft) Cheat Sheet is the complete quick-reference of nftables (nft) commands grouped by function.

nftables Firewall Rules

| Action | Command | Useful flags |
| --- | --- | --- |
| View current configuration | `sudo nft list ruleset` | |
| Add a new table with family "inet" and table "filter" | `sudo nft add table inet filter` | |
| Add a new chain to accept all inbound traffic | `sudo nft add chain inet filter input '{ type filter hook input priority 0 ; policy accept ; }'` | |
| Add a new rule to accept several TCP ports | `sudo nft add rule inet filter input tcp dport '{ telnet, ssh, http, https }' accept` | |
| Add a NAT rule to translate all traffic from the `192.168.0.0/24` subnet to the | `sudo nft add rule nat postrouting ip saddr 192.168.0.0/24 masquerade` | |
| Show rule handles | `sudo nft --handle --numeric list chain <family> <table> <chain>` | `--handle --numeric` |
| Delete a rule | `sudo nft delete rule inet filter input handle 3` | |
| Save current configuration | `sudo sh -c 'nft list ruleset > /etc/nftables.conf'` | |

The braces and semicolons are quoted so the shell passes them to nft unchanged. The save command runs the redirection inside a root shell, because a plain `sudo nft list ruleset > /etc/nftables.conf` opens the file as the calling user.

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

| Action | Command | Warning |
| --- | --- | --- |
| ⚠️ Delete | `sudo nft delete rule inet filter input handle 3` | Irreversible — verify the target before running |
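
Added example (not part of the original cheat sheet): a shell helper that resolves a rule's handle from `nft --handle list chain` output and prints the delete command only when exactly one rule matches. The chain listing is a constructed sample, and the function names `sample_chain_listing`, `rule_handle` and `delete_command` are hypothetical.

```shell
#!/bin/sh
# Added example: verify the target of "nft delete rule ... handle N" before running it.

# Constructed sample of what
#   sudo nft --handle --numeric list chain inet filter input
# prints; real output depends on the loaded ruleset.
sample_chain_listing() {
cat <<'EOF'
table inet filter {
    chain input { # handle 1
        type filter hook input priority 0; policy accept;
        tcp dport { 22, 23, 80, 443 } accept # handle 3
        ip saddr 192.168.0.0/24 tcp dport 8080 accept # handle 5
    }
}
EOF
}

# rule_handle PATTERN
# Reads a chain listing on stdin and prints the handle of the single rule that
# contains PATTERN (fixed string, not a regex).
# Exit status: 0 = exactly one match, 1 = no match, 2 = ambiguous.
rule_handle() {
    awk -v pat="$1" '
        # Rule lines end in "# handle N"; the chain header also does, so skip it.
        /# handle [0-9]+$/ && $1 != "chain" && index($0, pat) { n++; h = $NF }
        END {
            if (n == 1) { print h; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# delete_command FAMILY TABLE CHAIN PATTERN
# Prints (does not run) the delete command for the uniquely matched rule,
# so it can be reviewed before it is executed.
delete_command() {
    handle=$(rule_handle "$4") || return $?
    printf 'sudo nft delete rule %s %s %s handle %s\n' "$1" "$2" "$3" "$handle"
}

# Demo on the constructed listing. On a live host, replace sample_chain_listing
# with the "Show rule handles" command from the table above.
sample_chain_listing | delete_command inet filter input 'tcp dport { 22, 23, 80, 443 } accept'
```

A pattern that matches more than one rule (for example `accept`) returns status 2 and prints nothing, so no delete command is produced for an ambiguous target.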

FAQ — Frequently Asked Questions

What is the difference between nftables Firewall Rules and the other groups?

Each group in this nftables (nft) cheat sheet covers a distinct area. nftables Firewall Rules focuses on its specific scope, while the other groups cover networking, storage, security and diagnostics.

How do I check the installed nftables (nft) version?

Run `nft --version` (short form `nft -v`). The output shows the installed nftables release; `nft -V` prints extended version information, including compile-time options.

Why does nftables (nft) return ‘permission denied’?

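A ‘permission denied’ error in nftables (nft) usually means the current user lacks sufficient privileges. Reading or changing the ruleset requires root (the CAP_NET_ADMIN capability), which is why the commands in this cheat sheet are run with sudo. Check: (1) that the command was run as root or through sudo, (2) that a container or restricted service running nft has been granted CAP_NET_ADMIN.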

How do I filter nftables (nft) output by status or name?

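nft has no generic filter flag. Narrow the output by listing a single table or chain (`nft list table`, `nft list chain`) instead of the whole ruleset. You can also pipe the listing into grep, or add `--json` and process the output with jq:

sudo nft list ruleset | grep dport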

What is the fastest way to debug a nftables (nft) error?

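Add the debug flag with a level (`--debug=netlink`, or `--debug=all`) to the failing command. This reveals the netlink messages exchanged with the kernel alongside the error. To validate a command or ruleset file without applying it, add `--check` (`-c`).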

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories: