---
title: Telegraf Documentation
description: Telegraf plugin for collecting metrics from Nftables
url: https://docs.influxdata.com/telegraf/v1/input-plugins/nftables/
estimated_tokens: 1185
product: Telegraf
version: v1
---

-   Telegraf v1.37.0+

# Nftables Plugin

This plugin gathers packets and bytes counters for rules within Linux’s [nftables](https://wiki.nftables.org/wiki-nftables/index.php/Main_Page) firewall, as well as set element counts.

**Introduced in:** Telegraf v1.37.0 **Tags:** network, system **OS support:** linux

## Global configuration options

Plugins support additional global and plugin configuration settings for tasks such as modifying metrics, tags, and fields, creating aliases, and configuring plugin ordering. See [CONFIGURATION.md](/telegraf/v1/configuration/#plugins) for more details.

## Configuration

```toml
[[inputs.nftables]]
  ## Use the specified binary which will be looked-up in PATH
  # binary = "nft"

  ## Use sudo for command execution, can be restricted to
  ## "nft --json list table"
  # use_sudo = false

  ## Tables to monitor (may use "family table" format, e.g., "inet filter")
  # tables = [ "filter" ]

  ## Kinds of objects to monitor: "counters" (named counters), "sets",
  ## (named sets), "anonymous-counters" (on commented rules).
  # include = ["anonymous-counters"]
```

Since telegraf will fork a process to run nftables, `AmbientCapabilities` is required to transmit the capabilities bounding set to the forked process.

### Using sudo

You may edit your sudo configuration with the following:

```sudo
telegraf ALL=(root) NOPASSWD: /usr/bin/nft --json list table *
```

## Metrics

Counters (when `counters` included):

-   nftables
    -   tags:
        -   table
        -   counter
    -   fields:
        -   pkts (integer, count)
        -   bytes (integer, bytes)

Sets (when `sets` included):

-   nftables
    -   tags:
        -   table
        -   set
    -   field:
        -   count (integer, count)

Anonymous counters on commented rules (when `anonymous-counters` included):

-   nftables
    -   tags:
        -   table
        -   chain
        -   rule – comment associated to the rule
    -   fields:
        -   pkts (integer, count)
        -   bytes (integer, bytes)

## Example Output

```text
> nftables,host=my_hostname,counter=my_counter,table=filter bytes=48968i,pkts=48i 1757367516000000000
> nftables,host=my_hostname,set=my_set,table=filter count=10i 1757367516000000000
> nftables,chain=incoming,host=my_hostname,rule=comment_val_1,table=filter bytes=66435845i,pkts=133882i 1757367516000000000
> nftables,chain=outgoing,host=my_hostname,rule=comment_val_2,table=filter bytes=25596512i,pkts=145129i 1757367516000000000
```

#### Related

-   [Configure plugins](/telegraf/v1/configure_plugins/)
-   [Nftables Plugin Source](https://github.com/influxdata/telegraf/tree/v1.38.4/plugins/inputs/nftables/README.md)