nftables Rule Writing (Quickstart, Pitfalls, Constraints)

Use this skill when generating, reviewing, or debugging nftables rulesets, especially when an LLM may produce rules that are syntactically valid but semantically invalid for a specific chain type, hook, or family.

When to Use

Trigger on requests like:

• "Write an nftables.conf"
• "Review this .nft file"
• "Why does nft -f / nft -c fail?"
• "Which actions are valid on which hooks?"
• "How do I write IPv4 + IPv6 rules in table inet?"
• "Create a lint checklist for generated nftables rules"

What This Skill Covers

• Quickstart ruleset patterns (safe defaults and common base chains)
• Reusable nftables patterns for common host/router scenarios