Fail2ban And Nftables On AWS Linux For WordPress
A step-by-step guide to wiring Fail2ban directly to nftables on AL2023, blocking bots on ports 80 and 443, avoiding firewalld conflicts, and testing safely.


Modern Linux firewalls are powered by nftables, and this category is where I document clean, maintainable rule sets for real servers. Instead of throwing giant copy-and-paste dumps at you, I walk through the logic of each rule and show how packets flow through tables, chains, and sets. You will see examples for web servers, reverse proxies, and application hosts on EC2 and other cloud providers, including both IPv4 and IPv6.
There are guides for migrating from iptables, logging safely without spamming your disks, and using sets to manage large collections of trusted or blocked IP addresses. I also cover best practices for default policies, handling local services like SSH, and building simple scripts that apply rules on boot. If you are ready to replace guesswork with a firewall you actually understand, start with the nftables articles here.