Frequently Asked Question
What's the difference between iptables, nftables, ufw, and firewalld?
All four ultimately program the Linux kernel's packet filter. iptables was
the long-standing user-space tool, built on top of the older x_tables
framework, and is still what most existing documentation shows. nftables
replaced it from kernel 3.13 onwards (2014) with a cleaner syntax, faster
lookups, and a single tool covering IPv4, IPv6, ARP, and bridge filtering at
once. Modern distributions default to nftables; iptables commands still work
via a compatibility layer that translates them to nftables rules underneath.
ufw (Uncomplicated Firewall) and firewalld are friendlier front-ends on
top of nftables. ufw is the Debian/Ubuntu default and reads commands like
ufw allow 22/tcp or ufw allow from 10.0.0.0/24. firewalld is the Red Hat
family default, organises rules into zones (public, internal, trusted), and
manages them with firewall-cmd --permanent --add-service=ssh. Choose the
front-end your distribution prefers; the underlying kernel does the same job
either way.
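As an added illustration (not part of the original answer), here is one small inbound policy written directly as an nftables ruleset, with the iptables, ufw and firewall-cmd commands that express the same intent noted beside each rule. The policy itself (SSH open to everyone, everything open from 10.0.0.0/24, all other inbound traffic dropped) is a constructed example, and ufw and firewalld generate more elaborate chain layouts than this hand-written equivalent.

```nft
# Constructed example: one inbound policy as an nftables ruleset.
# Load with:  nft -f this-file.nft
# The iptables / ufw / firewall-cmd lines in comments express the same intent.

# Clears everything already loaded, including rules a front-end installed;
# leave this out if ufw or firewalld is managing the host.
flush ruleset

table inet filter {
    chain input {
        # Default-drop inbound traffic.
        #   iptables:   iptables -P INPUT DROP
        #   ufw:        ufw default deny incoming
        #   firewalld:  the default "public" zone already rejects unmatched traffic
        type filter hook input priority 0; policy drop;

        # Loopback, and replies to connections this host opened.
        #   iptables:   iptables -A INPUT -i lo -j ACCEPT
        #               iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # SSH from anywhere.
        #   iptables:   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
        #   ufw:        ufw allow 22/tcp
        #   firewalld:  firewall-cmd --permanent --add-service=ssh && firewall-cmd --reload
        tcp dport 22 accept

        # Everything from the internal subnet.
        #   iptables:   iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
        #   ufw:        ufw allow from 10.0.0.0/24
        #   firewalld:  firewall-cmd --permanent --zone=trusted --add-source=10.0.0.0/24
        ip saddr 10.0.0.0/24 accept
    }
}
```

Whichever front-end you use, `nft list ruleset` prints what is actually loaded in the kernel, which is the quickest way to confirm that ufw or firewalld installed the rules you intended.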