Linux packet filtering is implemented by netfilter in the kernel; the userspace tools that manage it differ by distro. On modern systems, nft rulesets replace many iptables setups. Either iptables -L -n -v or nft list ruleset shows the current filters. ufw status verbose summarizes UFW's abstraction, but remember that Docker and Kubernetes may insert their own chains. ss -ltnp shows what is listening before you open ports.

| Tool | Command idea | Use case |
|---|---|---|
| nftables | nft list ruleset | Authoritative view on nft-based hosts |
| UFW | ufw status numbered | Ubuntu-friendly rule list with indices |
| firewalld | firewall-cmd --list-all | RHEL/Fedora zone overview |
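
The listening-socket check mentioned above, as an added example that is not part of the original page: it reduces `ss -Hltn` output to the TCP ports bound to non-loopback addresses and prints any that are missing from the list of ports you intend to allow. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltn` output (-H drops the header row).
sample_ss() {
cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
LISTEN 0      511                *:80               *:*
LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
LISTEN 0      4096           [::1]:631           [::]:*
EOF
}

# Read ss output on stdin; print each TCP port that listens on a
# non-loopback address, one per line, sorted and de-duplicated.
exposed_ports() {
  awk '$1 == "LISTEN" {
    la = $4                               # Local Address:Port column
    if (!match(la, /:[0-9]+$/)) next      # last colon splits address and port
    addr = substr(la, 1, RSTART - 1)
    port = substr(la, RSTART + 1)
    sub(/%.*$/, "", addr)                 # drop interface suffix such as %lo
    gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
    if (addr ~ /^127\./ || addr == "::1") next   # loopback-only listener
    print port
  }' | sort -n -u
}

# $1: space-separated ports you intend to allow; stdin: ss output.
# Prints exposed ports that are not on that list.
unexpected_ports() {
  allowed=" $1 "
  exposed_ports | while read -r p; do
    case "$allowed" in
      *" $p "*) ;;
      *) echo "$p" ;;
    esac
  done
}

# On a real host: ss -Hltn | unexpected_ports "22 443"
sample_ss | unexpected_ports "22 443"
```

A port printed here is reachable as soon as a rule permits it, so either stop or rebind the service or confirm the exposure is intended before editing the ruleset.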