I have a script that I run on my Internet router machine to set up iptables rules for NAT forwarding and various other things. To ensure things are consistent, it starts by deleting any existing packet filter rules. The following sequence used to work for this:
    if test -f /proc/net/ip_tables_names; then
        for table in $(cat /proc/net/ip_tables_names); do
            iptables -t $table -F
        done
    fi
However, while the file /proc/net/ip_tables_names still exists in current kernels, it no longer lists the names of tables for which rules are defined; instead, its contents are now always empty.
It turns out there is now a new “nftables” interface for managing packet filter rules. The nice thing is, it has a command for listing all defined tables. For example, on my router machine, the command
nft list tables
prints out
    table ip filter
    table ip nat
which means there are two tables named “filter” and “nat”, both part of the “ip” protocol stack.
Interestingly, the nft(8) man page does not mention the “list tables” command (at least on Debian), only the more specific “list table «table»” form, which prints out the rules within a given table. However, the nftables wiki https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes does give all the details.
As usual, the Arch Linux wiki entry https://wiki.archlinux.org/index.php/Nftables offers some additional useful info.
Lawrence D'Oliveiro
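A version of the table-flushing loop driven by "nft list tables" instead of the now-empty /proc/net/ip_tables_names, added here as an example and not part of the original post. The table listing is a constructed sample; the function only generates the nft commands, so it runs without root or nftables installed.

```shell
#!/bin/sh
# Added example (not from the original post): rebuild the old
# /proc/net/ip_tables_names loop on top of "nft list tables".
# nftables keys tables by family AND name (ip, ip6, inet, ...),
# so both fields are carried through, unlike the iptables -t form.

# Read "table <family> <name>" lines on stdin and emit one
# "nft flush table <family> <name>" command per table.
# Lines that do not have exactly that shape are ignored.
gen_flush_commands() {
    while read -r kw family name extra; do
        [ "$kw" = "table" ] || continue            # skip blanks and junk
        [ -n "$family" ] && [ -n "$name" ] && [ -z "$extra" ] || continue
        printf 'nft flush table %s %s\n' "$family" "$name"
    done
}

# Constructed sample listing, shaped like "nft list tables" output on a
# router with IPv4 and dual-stack tables (not real output from the post).
SAMPLE_LISTING='table ip filter
table ip nat
table inet firewall'

# On the router the pipeline would be:  nft list tables | gen_flush_commands | sh
# "nft flush table" empties the chains but keeps the table definitions,
# mirroring "iptables -t $table -F"; "nft flush ruleset" would drop everything.
printf '%s\n' "$SAMPLE_LISTING" | gen_flush_commands
```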