Once upon a time, Jonathan Billings <billings@xxxxxxxxxx> said:
> 'iptables' and 'nftables' are competing technologies. In CentOS 8,
> firewalld's backend was switched from iptables to nftables. So it
> would be expected that the iptables command wouldn't have any rules
> defined, it isn't being used by firewalld.
That is partially incorrect. While iptables and nftables are two
different in-kernel firewalls, the iptables CLI command is now a wrapper
that can translate to the nftables backend for compatibility.
However, it can only manage a subset of nftables information (basically
what it can create in the iptables back-compat mode). The nftables
rules created by firewalld don't fall into that category, so can't be
viewed by iptables.
Instead, use the nft command, like "nft list ruleset" to see a dump of
all current rules.
--
Chris Adams <linux@xxxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
