Re: firewalld / iptables / nftables




Once upon a time, Jonathan Billings <billings@xxxxxxxxxx> said:
> 'iptables' and 'nftables' are competing technologies.  In CentOS 8,
> firewalld's backend was switched from iptables to nftables.  So it
> would be expected that the iptables command wouldn't have any rules
> defined; it isn't being used by firewalld.

That is partially incorrect.  While iptables and nftables are two
different in-kernel firewalls, the iptables CLI command is now a wrapper
that can translate to the nftables backend for compatibility.

However, it can only manage a subset of nftables information (basically
what it can create in the iptables back-compat mode).  The nftables
rules created by firewalld don't fall into that category, so can't be
viewed by iptables.

Instead, use the nft command, like "nft list ruleset" to see a dump of
all current rules.

-- 
Chris Adams <linux@xxxxxxxxxxx>
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
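The two checks Chris describes, written out as a small added shell example (not from the thread or from the firewalld or iptables projects): first, tell the nftables-backed iptables wrapper apart from the legacy binary from the `iptables -V` banner (iptables 1.8 and later print "(nf_tables)" or "(legacy)" after the version); second, walk an `nft list ruleset` dump and report the tables the iptables wrapper cannot show. The assumption made here is that iptables-nft only manages tables in the ip/ip6 families with the classic names (filter, nat, mangle, raw, security), so firewalld's `inet firewalld` table is invisible to it. The version strings and the ruleset dump below are constructed samples in the real output format.

```shell
#!/bin/sh
# Added example; not code from the mailing-list thread.

# Classify an `iptables -V` banner: iptables 1.8+ appends "(nf_tables)"
# for the nftables-backed wrapper and "(legacy)" for the old binary.
# Returns one of: nf_tables, legacy, unknown.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Read an `nft list ruleset` dump on stdin and print "<family> <table>"
# for every table the iptables wrapper cannot manage (assumption: only
# ip/ip6 tables named filter/nat/mangle/raw/security are reachable
# through iptables-nft; everything else is only visible to `nft`).
tables_hidden_from_iptables() {
    awk '
        $1 == "table" {
            fam = $2; name = $3
            classic = (name == "filter" || name == "nat" || name == "mangle" ||
                       name == "raw"    || name == "security")
            if (!((fam == "ip" || fam == "ip6") && classic))
                print fam, name
        }'
}

# Constructed sample dump: one table created via iptables-nft and the
# inet table firewalld creates with its nftables backend.
sample_ruleset() {
    cat <<'EOF'
table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy accept;
	}
}
table inet firewalld {
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
	}
}
EOF
}

# Demo on the constructed data (runs offline, no root needed).
echo "backend of sample banner: $(iptables_backend 'iptables v1.8.4 (nf_tables)')"
echo "tables iptables cannot show in the sample dump:"
sample_ruleset | tables_hidden_from_iptables

# On a real CentOS 8 host (root required for nft), the same functions can be
# pointed at the live system; skipped silently if nft is not installed.
if command -v nft >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    echo "live backend: $(iptables_backend "$(iptables -V 2>/dev/null)")"
    nft list ruleset 2>/dev/null | tables_hidden_from_iptables
fi
```

On a CentOS 8 box with firewalld running, the live section should print "inet firewalld" among the hidden tables, which is exactly why `iptables -L` comes back empty while `nft list ruleset` shows the rules.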


