nftables is the new packet classification framework that replaces iptables
Provides the latest version of nft command-line utility with the intention
of replacing outdated and buggy packages provided by mainline Linux distributions.
For documentation on how to use nftables see https://wiki.nftables.org/
You may want to create a system-wide alias:
snap alias nftables-pk.nft nft
Quick example (simple packet counter, not hooked to real traffic):
nft add table inet main
nft add chain inet main input
nft add rule inet main input counter accept
nft list ruleset
If you use snapd older than 2.41 you will need the following after installation:
snap connect nftables-pk:network-control
Remember to update your nftables scripts to point to /snap/bin/nft and move
your scripts from /etc/nftables to /var/snap/nftables-pk/common.
Since this snap is fully confined, configuration files must be placed
Swap out openSUSE_Leap_15.2 for openSUSE_Leap_15.1, openSUSE_Leap_15.0, or openSUSE_Tumbleweed if you’re using a different version of openSUSE.
With the repository added, import its GPG key:
sudo zypper --gpg-auto-import-keys refresh
Finally, upgrade the package cache to include the new snappy repository:
sudo zypper dup --from snappy
Snap can now be installed with the following:
sudo zypper install snapd
You then need to either reboot, logout/login or source /etc/profile to have /snap/bin added to PATH.
Additionally, enable and start both the snapd and the snapd.apparmor services with the following commands: