Open Source Summit Europe 2024

Firewalls play a pivotal part in securing a hypervisor and its guests from internal and external threats. In this talk I want to show how to utilize nftables for creating complex rulesets in a virtualized Linux network environment.

This talk will start with a short introduction on nftables and Linux network virtualization. I will then dive deeper by showing how to create complex rulesets efficiently by utilizing the built-in nftables datastructures. Furthermore, I will show how zone-based firewalling can be implemented by leveraging the nftables bridge family, with a focus on virtualized network environments common in hypervisors. To finish off, I will talk about how to use Rust for interfacing with nftables via JSON by using the provided nftables-json schema to programmatically create firewall rules.