Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
System Settings
Network Configuration and Firewalls
nftables
Nftables Families
Nftables Families
An XCCDF Value
Details
Profiles
Prose
Nftables Families
Netfilter enables filtering at multiple networking levels. With iptables there is a separate tool for each level: iptables, ip6tables, arptables, ebtables. With nftables the multiple networking levels are abstracted into families, all of which are served by the single tool nft.
ip
Tables of this family see IPv4 traffic/packets.
ip6
Tables of this family see IPv6 traffic/packets.
inet
Tables of this family see both IPv4 and IPv6 traffic/packets, simplifying dual stack support.
arp
Tables of this family see ARP-level (i.e, L2) traffic, before any L3 handling is done by the kernel.
bridge
Tables of this family see traffic/packets traversing bridges (i.e. switching). No assumptions are made about L3 protocols.
netdev
The netdev family is different from the others in that it is used to create base chains attached to a single network interface. Such base chains see all network traffic on the specified interface, with no assumptions about L2 or L3 protocols. Therefore you can filter ARP traffic from here.