Monitor your Linux firewall with nftwatch

Emotional, Burning, Unlimited Tuned Laboratory

created the Linux nftwatch command to watch firewall traffic stats.

Netfilter tables (nftables) is the default firewall shipped with modern Linux distros. It’s available on Fedora and RHEL 8, the latest Debian, and many others. It replaces the older iptables that was bundled in earlier distro releases. It’s a powerful and worthy replacement for iptables, and as someone who uses it extensively, I appreciate its power and functionality.

One of the features of nftables is the ability to attach counters to many elements, such as rules. Counters are not on by default: you have to ask for one explicitly, rule by rule, with the “counter” statement. I have them enabled for specific rules in my firewall, which gives me visibility into those rules.
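To show what those per-rule counters look like once enabled, and how a watcher like nftwatch can turn two readings into traffic rates, here is an added example (not nftwatch's own code). It assumes the JSON layout that `nft -j list ruleset` emits, in which a rule's `expr` list carries a `{"counter": {"packets": N, "bytes": N}}` element only for rules written with the `counter` statement; the two embedded snapshots and their numbers are constructed.

```python
"""Read nftables rule counters from `nft -j list ruleset` JSON and rate them.

Added example, not nftwatch's code. Assumes nft's JSON schema: a top-level
"nftables" array whose "rule" objects hold an "expr" list, and a
{"counter": {"packets": N, "bytes": N}} element appears in that list only
for rules that were written with the `counter` statement.
"""
import json
import subprocess


def _ruleset(ssh_pkts, ssh_bytes, drop_pkts, drop_bytes):
    """Build a constructed ruleset snapshot in nft's JSON layout."""
    return json.dumps({"nftables": [
        {"metainfo": {"version": "1.0.0", "json_schema_version": 1}},
        {"table": {"family": "inet", "name": "filter", "handle": 1}},
        {"chain": {"family": "inet", "table": "filter", "name": "input",
                   "handle": 1, "type": "filter", "hook": "input",
                   "prio": 0, "policy": "drop"}},
        # Rule without a counter statement: it never shows up in the stats.
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": 2,
                  "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}},
                                      "right": ["established", "related"]}},
                           {"accept": None}]}},
        # `tcp dport 22 counter accept`
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": 3, "comment": "ssh",
                  "expr": [{"match": {"op": "==",
                                      "left": {"payload": {"protocol": "tcp",
                                                           "field": "dport"}},
                                      "right": 22}},
                           {"counter": {"packets": ssh_pkts, "bytes": ssh_bytes}},
                           {"accept": None}]}},
        # `counter drop` as the chain's last rule
        {"rule": {"family": "inet", "table": "filter", "chain": "input",
                  "handle": 4, "comment": "default drop",
                  "expr": [{"counter": {"packets": drop_pkts, "bytes": drop_bytes}},
                           {"drop": None}]}},
    ]})


# Two constructed snapshots of the same ruleset, taken 5 seconds apart.
SNAPSHOT_T0 = _ruleset(100, 8000, 5, 300)
SNAPSHOT_T1 = _ruleset(160, 12800, 35, 2100)


def extract_counters(ruleset_json):
    """Return {(family, table, chain, handle): stats} for counted rules only."""
    result = {}
    for obj in json.loads(ruleset_json).get("nftables", []):
        rule = obj.get("rule")
        if rule is None:
            continue
        for expr in rule.get("expr", []):
            ctr = expr.get("counter")
            if ctr is None:
                continue
            key = (rule["family"], rule["table"], rule["chain"], rule["handle"])
            result[key] = {"packets": ctr["packets"], "bytes": ctr["bytes"],
                           "comment": rule.get("comment", "")}
            break
    return result


def counter_rates(before, after, interval_s):
    """Per-rule packets/s and bytes/s between two snapshots.

    A counter that went backwards (rule reloaded, `nft reset counters`)
    is rated from zero instead of producing a negative rate.
    """
    rates = {}
    for key, now in after.items():
        prev = before.get(key, {"packets": 0, "bytes": 0})
        dp = now["packets"] - prev["packets"]
        db = now["bytes"] - prev["bytes"]
        if dp < 0 or db < 0:
            dp, db = now["packets"], now["bytes"]
        rates[key] = {"pps": dp / interval_s, "bps": db / interval_s,
                      "comment": now["comment"]}
    return rates


def format_rates(rates):
    """One line per counted rule, busiest rule first."""
    lines = []
    for key, r in sorted(rates.items(), key=lambda kv: -kv[1]["pps"]):
        family, table, chain, handle = key
        lines.append(f"{family} {table} {chain} #{handle:<3} "
                     f"{r['pps']:8.1f} pkt/s {r['bps']:10.1f} B/s  {r['comment']}")
    return lines


def read_live_ruleset():
    """Fetch the real ruleset as JSON; needs the nft binary and root."""
    return subprocess.run(["nft", "-j", "list", "ruleset"], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    t0 = extract_counters(SNAPSHOT_T0)
    t1 = extract_counters(SNAPSHOT_T1)
    for line in format_rates(counter_rates(t0, t1, 5.0)):
        print(line)
```

Replacing the two constructed snapshots with consecutive calls to `read_live_ruleset()` (run as root) gives a minimal live watcher; the rule without a `counter` statement is invisible to it, which is exactly why the counter has to be requested per rule.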