nftables

nft list table inet filter

nft list ruleset

Quickly open tcp port 8080 on input

sudo nft add rule inet filter input tcp dport 8080 accept

Simple example. Dropping all incoming traffic except ssh. And cound the packets on ssh port. Also allow established/related connections /etc/nftables.conf:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;
                ct state established,related accept
                tcp dport 22 counter accept comment "accept SSH"
        }
        chain forward {
                type filter hook forward priority 0; policy accept;
        }
        chain output {
                type filter hook output priority 0; policy accept;
        }
}