Please enable JavaScript.
Coggle requires JavaScript to display documents.
(Service Identification, Understand nftables Structure, Asset…
Service Identification
HTTP
HTTPS
SSH
DNS
SMTP
NTP
FTP
MySQL
PostgreSQL
Redis
Kubernetes
Custom Applications
▼
Understand nftables Structure
Tables
Chains
Hooks
Priorities
Rules
Sets
Maps
Flowtables
Variables
Objects
▼
Asset Identification
Third-party systems
▼
Web Servers
Database Servers
Application Servers
DNS Servers
Mail Servers
Monitoring Servers
Backup Servers
Client Machines
Network Discovery
Create network diagram
▼
Collect IP addresses
Collect VLAN information
Collect routing
Collect gateways
Collect DNS
Collect services
Collect protocols
Traffic Analysis
Management traffic
▼
Incoming traffic
Outgoing traffic
East-West traffic
Internet traffic
Internal traffic
VPN traffic
API traffic
Risk Assessment
Insider threats
▼
Open ports
Unused services
Legacy protocols
Weak encryption
Unauthorized access
Lateral movement
DDoS risks
Firewall Policy Design
Default Drop Policy
Least Privilege
Allow only required traffic
Block unnecessary traffic
Separate inbound/outbound rules
Logging strategy
Rate limiting
Connection tracking policy
▼
Protection Rules
Invalid packets
▼
SYN Flood
ICMP Flood
Port Scan
Brute Force
DDoS
Spoofing
Bogon filtering
Testing
Functional testing
▼
Ping
SSH
Curl
Nmap
Tcpdump
Netcat
Packet capture
Troubleshooting
nft trace
▼
nft list ruleset
nft monitor
journalctl
dmesg
tcpdump
ss
conntrack
Monitoring
SIEM integration
▼
Logs
Counters
Metrics
Prometheus
Grafana
Zabbix
ELK
Allow Essential Services
SSH
HTTP
HTTPS
DNS
ICMP
NTP
Monitoring
▼
Access Control
Time-based rules
▼
Source IP filtering
Destination IP filtering
Port filtering
Protocol filtering
Interface filtering
User filtering
Advanced Features
Dynamic Sets
▼
Sets
Maps
Verdict Maps
Anonymous Sets
Named Sets
Concatenations
Automation
CI/CD
▼
Bash
Ansible
Puppet
Chef
SaltStack
Terraform
Planning
Define firewall objectives
▼
Identify business requirements
Identify applications
Identify servers
Identify users
Identify security policies
Performance Optimization
Flowtables
Rule ordering
Set optimization
Hardware offloading
Reduce rule count
Fast-path forwarding
▼
Logging
Syslog integration
▼
Accept logs
Drop logs
Prefixes
Rate-limited logs
Audit logs
Compliance
Internal Security Policies
▼
CIS Benchmark
NIST
PCI DSS
ISO 27001
SOC 2
Maintenance
Performance review
▼
Rule review
Remove unused rules
Update IP sets
Patch system
Security review
Disaster Recovery
Backup rules
Restore firewall
Rollback
Configuration archive
Documentation
Recovery testing
Install nftables
Disable old firewall
iptables
firewalld
ufw (if applicable)
Backup existing configuration
▼
Install package
Enable service
Verify installation
Create Tables
netdev
▼
inet filter
ip nat
ip6 filter
bridge
Create Base Chains
Postrouting
▼
Input
Output
Forward
Prerouting
Network Address Translation
SNAT
DNAT
Masquerade
Port forwarding
Hairpin NAT
▼
Persistence
Backup configuration
▼
Save rules
Restore rules
Boot persistence
Version control
Connection Tracking
New
▼
Established
Related
Invalid
Stateful Packet Filtering
New connections
Established
Related
Invalid packets
▼
Define Default Policies
Input Drop
Forward Drop
Output Accept
▼
Allow Loopback
localhost communication
▼
lo interface
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Step 10
Step 11
Step 12
Step 13
Step 14
Step 15
Step 16
Step 17
Step 18
Step 19
Step 20
Step 21
Step 22
Step 23
Step 24
Step 25
Step 26
Step 27
Step 28
Step 29
Step 30