Web Server Defence
Understanding Linux Firewall Tables
Demystifying iptables, nftables, and UFW
What Does “Uses Tables” Mean?
When your router or Linux server says it “uses tables,” it means it is driving the kernel’s netfilter packet-filtering framework directly, through either iptables or nftables. These are the administration tools for the kernel firewall that decides how packets are filtered, forwarded, or translated (NAT).
iptables is the older tool, still very common across Linux distributions. On current Debian and Ubuntu releases the iptables command is usually the nftables-backed iptables-nft, selected via update-alternatives, so even “iptables” rules end up in the nf_tables kernel subsystem.
nftables is the newer framework designed to replace iptables: one tool (nft) for IPv4, IPv6 and bridging, better performance on large rulesets, and a cleaner syntax.
Both systems organize rules into “tables,” each holding chains that hook into a stage of packet processing:
- The filter table handles accept/drop decisions on incoming, outgoing and forwarded traffic
- The nat table handles address translation: DNAT for port forwarding, SNAT or MASQUERADE for outbound traffic from a private network
- The mangle table alters packet headers and marks (TTL, TOS, fwmark) for routing and QoS decisions
- The raw table is evaluated before connection tracking and is mostly used to exempt traffic from it (NOTRACK)
What About UFW?
UFW (Uncomplicated Firewall) is not a separate firewall. It is a front-end that generates rules and installs them by calling the iptables command, so the rules land in whichever backend that command points to (iptables-nft or iptables-legacy). When you type sudo ufw allow 80/tcp, UFW adds a rule to its own chain (ufw-user-input), which is reached by a jump from the kernel’s INPUT chain. On enable or reload it flushes and rewrites its whole set of ufw-* chains from /etc/ufw/*.rules.
So when a system says it is using UFW, it is really still using the same tables underneath. UFW only makes them easier to manage, and it expects to own the chains it creates.
The “Switched to Tables Exclusive” Issue
If your router originally said “switched to tables exclusive,” that means it stopped using UFW and now manages iptables or nftables rules directly, typically from its own rule script or from a saved ruleset. This is common for routers and firewalls because they need precise control over NAT, forwarding and interface-specific rules, and UFW’s flush-and-rewrite behaviour can wipe out rules it did not create.
The Apache/Nginx Complication
When you later installed Apache and Nginx, you also got UFW application profiles, because the Ubuntu and Debian packages ship them in /etc/ufw/applications.d/ (“Apache,” “Apache Full,” “Nginx HTTP,” “Nginx Full,” and so on). Installing the profiles does not by itself enable UFW or open ports 80 and 443; they only give names to port sets so that sudo ufw allow "Nginx Full" works. If UFW is active again, something ran sudo ufw enable after the router switched away from it, for example a setup script, a control panel, or a hosting image that enables UFW by default.
Once that happens, two systems are managing firewall rules at once, and whichever one loads last wins.
Why Your Manager Program Shows Problems
Your manager program that “looks for problems” is probably monitoring UFW: checking whether the ufw service is active and whether certain ports or profiles are allowed. If UFW is disabled because the router manages iptables or nftables directly, the monitor reports an error even though the firewall is working correctly. The reverse is also possible: it reports everything fine because UFW is active, while the router’s own rules have been flushed.
How to Check What’s Actually Running
To find out exactly what is running on your system, use these commands:
# Is UFW active, and which ports or application profiles does it allow?
sudo ufw status verbose
# Which iptables binary is selected: iptables-nft or iptables-legacy?
sudo update-alternatives --display iptables
# The live filter and nat tables, with packet counters
sudo iptables -L -v -n
sudo iptables -t nat -L -v -n
# Or if using nftables (also shows rules written by iptables-nft):
sudo nft list ruleset
# Which services restore rules at boot?
sudo systemctl status ufw
sudo systemctl status netfilter-persistent
Warning: If both UFW and netfilter-persistent are active, you have two managers writing rules. netfilter-persistent runs iptables-restore on /etc/iptables/rules.v4 at boot, which replaces the tables in that file; ufw enable or ufw reload flushes and rewrites the ufw-* chains. Each can silently undo the other, which is often why a web server becomes unreachable or NAT stops working after a reboot or an update.
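The checks above (and the question from the Apache/Nginx section of whether a profile is merely installed or actually allowed) can be scripted. The following audit script is an added example, not code from the original page: its functions parse the text that iptables -V, ufw status verbose, nft list ruleset (or iptables-save) and systemctl is-enabled netfilter-persistent print, so they run here on constructed sample output and, with the script’s own --live flag, on a real host. The verdict names (ufw, direct, overlap, stale, none) are this example’s own labels, not UFW terminology.

```shell
#!/bin/sh
# Added example: which firewall manager is actually writing the rules?
# Parsing functions take command output as text; the samples below are
# constructed, not captured from a real host.

# "iptables -V" prints e.g. "iptables v1.8.7 (nf_tables)" when the
# iptables command is the nftables-backed one, or "(legacy)" otherwise.
backend_from_version() {
  case "$1" in
    *"(nf_tables)"*) echo nf_tables ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# First line of "ufw status verbose" is "Status: active" / "Status: inactive".
ufw_state() {
  case "$1" in
    "Status: active"*)   echo active ;;
    "Status: inactive"*) echo inactive ;;
    *)                   echo unknown ;;
  esac
}

# Print the "To" column of every ALLOW IN line: this is where an allowed
# application profile such as "Nginx Full" shows up. A profile that is only
# installed under /etc/ufw/applications.d/ never appears here.
ufw_allowed() {
  printf '%s\n' "$1" | sed -n 's/^\(.*[^[:space:]]\)[[:space:]]\{2,\}ALLOW IN.*/\1/p'
}

# Count UFW-owned chains in a dump from "nft list ruleset" (lines like
# "chain ufw-user-input {") or "iptables-save" (":ufw-user-input - [0:0]").
# grep -c prints 0 but exits 1 on no match, so neutralise it for set -e.
ufw_chain_count() {
  printf '%s\n' "$1" | grep -c -E '^[[:space:]]*chain ufw-|^:ufw-' || true
}

# Combine the facts into one verdict (labels are this script's own):
#   overlap  UFW active AND netfilter-persistent enabled (two writers)
#   ufw      UFW active, nothing else restores rules at boot
#   stale    UFW off but ufw-* chains still loaded (saved by another tool)
#   direct   UFW off, rules come from netfilter-persistent
#   none     no manager found; rules are whatever was typed by hand
verdict() {
  state=$1; persistent=$2; chains=$3
  if [ "$state" = active ] && [ "$persistent" = enabled ]; then echo overlap
  elif [ "$state" = active ]; then echo ufw
  elif [ "$chains" -gt 0 ]; then echo stale
  elif [ "$persistent" = enabled ]; then echo direct
  else echo none
  fi
}

# --- constructed sample output ---
SAMPLE_VERSION='iptables v1.8.7 (nf_tables)'
SAMPLE_UFW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere
Nginx Full (v6)            ALLOW IN    Anywhere (v6)'
SAMPLE_NFT='table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy drop;
		counter jump ufw-before-input
	}
	chain ufw-before-input {
	}
	chain ufw-user-input {
		tcp dport 80 counter accept
	}
}'

if [ "${1:-}" = --live ]; then
  # Same functions fed by the real commands (run as root).
  v=$(iptables -V 2>/dev/null || true)
  s=$(ufw status verbose 2>/dev/null || true)
  r=$(nft list ruleset 2>/dev/null || iptables-save 2>/dev/null || true)
  p=$(systemctl is-enabled netfilter-persistent 2>/dev/null || echo disabled)
else
  v=$SAMPLE_VERSION; s=$SAMPLE_UFW; r=$SAMPLE_NFT; p=enabled
fi
echo "iptables backend : $(backend_from_version "$v")"
echo "ufw              : $(ufw_state "$s")"
echo "ufw allows       : $(ufw_allowed "$s" | tr '\n' ' ')"
echo "ufw-* chains     : $(ufw_chain_count "$r")"
echo "verdict          : $(verdict "$(ufw_state "$s")" "$p" "$(ufw_chain_count "$r")")"
```

On the constructed sample the verdict is overlap: UFW is active with “Nginx Full” allowed while netfilter-persistent is also enabled. A stale verdict is the other case worth recognising: ufw-* chains present in the live ruleset although ufw reports inactive, which usually means a netfilter-persistent save captured UFW’s chains and now restores them at every boot.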
The Bottom Line
- netfilter in the kernel is the real firewall; iptables and nftables are the tools that load rules into it
- UFW is a helper that writes iptables rules for you and rewrites its own chains on every enable or reload
- If your router switched to “tables only,” it is loading iptables/nftables rules directly and expects nothing else to touch them
- Installing Apache or Nginx added UFW application profiles; if UFW is active again, something enabled it afterwards, and the two rule writers now overlap
- Your manager program may be warning you about that overlap (or about UFW being off), not about an actual security hole
Need Help Configuring Your System?
If you share your Linux version (e.g., Ubuntu 22.04 or Debian 12) and the output of sudo iptables -L -n -v or sudo nft list ruleset, we can show you exactly which system is active and how to configure it so your router and web servers don’t interfere with each other.
