Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Ubuntu 20.04
System Settings
Network Configuration and Firewalls
nftables
Ensure Base Chains Exist for Nftables
Ensure Base Chains Exist for Nftables
An XCCDF Rule
Details
Profiles
Prose
Ensure Base Chains Exist for Nftables
Medium Severity
Tables in nftables hold chains. Each table only has one address family and only applies to packets of this family. Tables can have one of six families. Chains are containers for rules. They exist in two kinds, base chains and regular chains. A base chain is an entry point for packets from the networking stack, a regular chain may be used as jump target and is used for better rule organization.