Open-source News

Monitor your Linux firewall with nftwatch

opensource.com - Mon, 07/18/2022 - 15:00
Kenneth Aaron - Mon, 07/18/2022 - 03:00

Netfilter tables (nftables) is the default firewall shipped with modern Linux distros. It's available on Fedora and RHEL 8, the latest Debian, and many others. It replaces the older iptables that was bundled in earlier distro releases. It's a powerful and worthy replacement for iptables, and as someone who uses it extensively, I appreciate its power and functionality.

One of the features of nftables is the ability to add counters to many elements, such as rules. These are enabled on demand. You need to explicitly ask for it on a per line basis using the "counter" argument. I have them enabled for specific rules in my firewall, which gives me visibility into those rules.
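To show what those per-rule counters make possible, here is an added example (not nftwatch's own code) that compares two counter snapshots and reports which rules saw traffic in between. It assumes input in the JSON shape printed by `nft -j list ruleset`; the table, chain, handle and counter values are constructed sample data.

```python
import json

def rule(handle, verdict, counter=None):
    """Build one rule object shaped like `nft -j list ruleset` output (constructed)."""
    expr = ([{"counter": counter}] if counter else []) + [{verdict: None}]
    return {"rule": {"family": "inet", "table": "filter", "chain": "input",
                     "handle": handle, "expr": expr}}

# Two constructed snapshots taken one refresh interval apart.
# Handle 5 has no "counter" statement; handle 7 was added between snapshots.
BEFORE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    rule(4, "accept", {"packets": 120, "bytes": 9600}),
    rule(5, "accept"),
    rule(6, "drop", {"packets": 40, "bytes": 2400}),
]})
AFTER = json.dumps({"nftables": [
    rule(4, "accept", {"packets": 120, "bytes": 9600}),
    rule(5, "accept"),
    rule(6, "drop", {"packets": 55, "bytes": 3300}),
    rule(7, "drop", {"packets": 3, "bytes": 180}),
]})

def read_counters(ruleset_json):
    """Map (family, table, chain, handle) -> (packets, bytes) for counted rules."""
    counters = {}
    for item in json.loads(ruleset_json).get("nftables", []):
        r = item.get("rule")
        if not r:
            continue  # metainfo, table, chain and set objects carry no rule counters
        key = (r["family"], r["table"], r["chain"], r["handle"])
        for stmt in r.get("expr", []):
            c = stmt.get("counter")
            if isinstance(c, dict):  # inline counter; named counter refs are strings
                counters[key] = (c["packets"], c["bytes"])
    return counters

def active_rules(before_json, after_json):
    """Return per-rule (packet, byte) increases between snapshots, busiest first."""
    old, new = read_counters(before_json), read_counters(after_json)
    deltas = {}
    for key, (pkts, byts) in new.items():
        old_pkts, old_byts = old.get(key, (0, 0))  # new rule: count from zero
        if pkts < old_pkts:  # counter reset or ruleset reloaded
            old_pkts = old_byts = 0
        if pkts > old_pkts:
            deltas[key] = (pkts - old_pkts, byts - old_byts)
    return sorted(deltas.items(), key=lambda kv: kv[1][0], reverse=True)

if __name__ == "__main__":
    print(active_rules(BEFORE, AFTER))
```

Rules without a `counter` statement never appear in the result, which is why a rule you want to watch has to be written with the counter enabled.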

This got me thinking. How can I look at these counters in real time? At first I tried "watch" which allows things like refresh rate, but I didn't like the default format and it wasn't scrollable. I found using head and tail and awk less than ideal. A user-friendly solution didn't exist. So I wrote my own, which I'd like to share with the open source community.

Introducing nftwatch on Linux

My solution, which I call nftwatch, does a few things:

  • It reorders and reformats the nftables output to make it more readable.
  • It allows scrolling the output up or down.
  • It has a user-defined refresh rate (can be changed in real time).
  • It can pause the display.

Instead of a dump of a table, you get output that shows activity for each rule:

[Screenshot of nftwatch output. Image by Kenneth Aaron, CC BY-SA 4.0]

You can download it here from its Git repository.

It is 100% Python, 100% open source, and 100% free. It ticks all the boxes for free, quality programs.

Install nftwatch on Linux

Here are the manual install instructions:

  1. Clone or download the project from the git repository.
  2. Copy nftwatch.yml to /etc/nftwatch.yml.
  3. Copy nftwatch to /usr/local/bin/nftwatch and grant it executable permissions using chmod a+x.
  4. Use nftwatch with no args to run it.
  5. See nftwatch -m for the man page.

You can also run nftwatch without the YAML config file, in which case it uses built-in defaults.

Usage

The nftwatch command displays nftables rules. Most of the controls are designed for this purpose.

Arrow keys and the equivalent Vim keypresses control scrolling. Use the F or S key to change the refresh speed. Use the P key to pause the display.

Run nftwatch -m for full instructions, and a list of interactive key controls.

A new view of your firewall

Firewalls can seem obtuse and vague even if you spend time to configure them. Aside from extrapolating indicators from log entries, it's hard to tell what kind of activity your firewall is actually seeing. With nftwatch, you can see your firewall at work, and ideally gain a better understanding of the kind of traffic your network has to deal with on a daily basis.

I created the Linux nftwatch command to watch firewall traffic stats.

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.

PlayOnLinux – Run Windows Software and Games in Linux

Tecmint - Mon, 07/18/2022 - 14:19
The post PlayOnLinux – Run Windows Software and Games in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

In our earlier articles on this blog, we used the Wine program to install and run Windows-based applications on Debian-based and other Red Hat-based Linux distributions. There is another open source software


How to Mount and Unmount an ISO Image in Linux

Tecmint - Mon, 07/18/2022 - 12:00
The post How to Mount and Unmount an ISO Image in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

An ISO image or .iso (International Organization for Standardization) file is an archive file that contains a disk image in the ISO 9660 file system format. Every ISO file has an .iso extension and has a


Linux 5.19-rc7 Released Following A Tough Week With Retbleed, Intel GPU Firmware Snafu

Phoronix - Mon, 07/18/2022 - 05:18
Linus Torvalds just released Linux 5.19-rc7 following a busy week due to the Retbleed security mitigation and not only the CPU overhead performance impact it puts on users but the mess it has on kernel development especially when it comes to embargoed issues that make the patches difficult to review/test well prior to embargo lift...

The Current Retbleed Performance Costs With An AMD Ryzen 7 4800U

Phoronix - Mon, 07/18/2022 - 00:50
Following some weekend benchmarks here are more complementary numbers on the Retbleed mitigation performance benchmark costs. These additional numbers are on a Zen 2 based AMD Ryzen 7 4800U APU that has been common both to laptops as well as embedded/low-profile devices for thin client computing, IoT / edge use-cases, and more...

Retbleed: Call Depth Tracking Mitigation Eyed To Avoid IBRS "Performance Horror Show"

Phoronix - Sun, 07/17/2022 - 18:18
Due to the new "Retbleed" security mitigation further hurting CPU performance for affected processors, Intel engineers have revisited work on call depth tracking mitigation as an alternative to the Indirect Branch Restricted Speculation (IBRS) mitigation to help in lowering the overhead costs...

Raptor Computing To Launch "Arctic Tern" As An FPGA-Based Soft BMC

Phoronix - Sun, 07/17/2022 - 17:55
Raptor Computing Systems that is known for their open-source POWER9-based Talos II and Blackbird systems that are fully open-source designs and running on free software down to the firmware level are preparing for a new product launch...

RADV Vulkan Driver Now Supports NVIDIA's Device Generated Commands

Phoronix - Sun, 07/17/2022 - 17:42
As of this week in Mesa 22.2, the open-source Radeon Vulkan driver "RADV" has added support for the VK_NV_device_generated_commands extension. This NVIDIA-created extension that has been around for a few years with their hardware allows for the GPU to generate some of the most frequent rendering commands on the hardware itself...

Debian's DebConf22 Kicks Off In Kosovo

Phoronix - Sun, 07/17/2022 - 17:23
After the COVID-19 pandemic hiatus, Debian's annual conference "DebConf" is back to being an in-person event and started this morning in Kosovo...

Intel's Compute Runtime To Default To Disabling Gen11 & Older Support On Windows

Phoronix - Sun, 07/17/2022 - 17:16
Intel this week issued their Compute Runtime 22.28.23726 pre-release for this open-source GPU compute stack on Windows and Linux for OpenCL and oneAPI Level Zero support on their graphics hardware...
