On 2020-04-28 05:15, Chris Adams wrote:
Once upon a time, Samuel Sieb <samuel@xxxxxxxx> said:
I still make my own iptables scripts, mostly using fwbuilder. I
think it might be possible to add the dynamic rules I would like to
have if I switch to firewalld, but I haven't had the time for that
yet. And then there's nftables which is the new replacement for
iptables.
Just to clear up some misconception: firewalld is not a replacement for
iptables. firewalld is a front-end to iptables, similar to shorewall
and some other firewall management tools. firewalld (and shorewall and
so on) is a replacement for manually writing rules and putting them in
/etc/sysconfig/iptables though.
However, iptables is being replaced by nftables (similar to how iptables
replaced ipchains in the past). firewalld can use either as a back end.
nftables can also be configured using an iptables front-end translator
(so if all you want to do is manually write iptables-style rules, that
will actually still work with the nftables back-end).
I use firewalld for workstations and iptables for servers doubling as a
perimeter firewall.
Gots to look up nftables. Have you converted iptables
to nftables yet? Does it follow any of the iptables
syntax? (I have HUNDREDS of lines of iptables.)