On 6/27/21 11:32 AM, slow_speed@xxxxxxx wrote:
As it turns out, I am learning two ways at once. One is my desktop computer running Debian 10 which used nftables (and I believe nftables-persistent is built-in to the nftables mechanism). The other is a little Raspbian server which is based on Debian 10, but does not use nftables.
I've only got started with nftables, which is why I bought the latest edition of Linux Firewalls. In particular, I wanted to duplicate reverse packet filtering, but in both IPv4 and IPv6. So I don't know the toolset for nft yet.
In the second case, one must reload iptables when changes are made to it. If I correctly understand, one must use sudo iptables -F, followed by sudo iptables-restore < /etc/iptables.up.rules (or wherever they are). Doesn't it need the little left arrow/less-than sign? Does that sound correct?
Yes. What you are doing with iptables-restore (and ip6tables-restore) is presenting the contents of a file originally created by ip[6]tables-save to stdin of the -restore programs.
By the way, if I'm reading the man page correctly, ip[6]tables-restore does the -F for you, unless you tell it not to. You can also restore only a single table from the collected rules. Details on the man page.
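
The reload discussed in this thread, as an added example that is not part of the original messages: the saved file is parsed with `--test` first, then fed to the restore program on stdin with no separate `-F`, optionally limited to one table with `-T`. The function names, the `RUN` hook and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the RUN hook are hypothetical.
RUN=${RUN:-}   # set RUN=echo to print the commands instead of running them

# Write a small ruleset in iptables-save format (constructed sample).
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Print the table names (filter, nat, ...) present in a saved ruleset.
tables_in_dump() {
    sed -n 's/^\*\([a-z]*\)$/\1/p' "$1"
}

# reload_rules <iptables-restore|ip6tables-restore> <rules-file> [table]
# Step 1: --test parses the file without committing anything, so a typo
#         is caught before the live ruleset is touched.
# Step 2: the real restore flushes what it replaces; no separate -F.
#         -T restores only the named table from the file.
reload_rules() {
    prog=$1 file=$2 table=${3:-}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    set --
    if [ -n "$table" ]; then
        tables_in_dump "$file" | grep -qx "$table" ||
            { echo "table $table not in $file" >&2; return 3; }
        set -- -T "$table"
    fi
    $RUN "$prog" --test "$@" < "$file" || return 1
    $RUN "$prog" "$@" < "$file"
}
```

Run as root, for example `reload_rules iptables-restore /etc/iptables.up.rules`, and repeat with `ip6tables-restore` and the IPv6 rules file.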