On 2020-04-28 05:15, Chris Adams wrote:
Once upon a time, Samuel Sieb samuel@sieb.net said:
I still make my own iptables scripts, mostly using fwbuilder. I think it might be possible to add the dynamic rules I would like to have if I switch to firewalld, but I haven't had the time for that yet. And then there's nftables which is the new replacement for iptables.
Just to clear up some misconception: firewalld is not a replacement for iptables. firewalld is a front-end to iptables, similar to shorewall and some other firewall management tools. firewalld (and shorewall and so on) is a replacement for manually writing rules and putting them in /etc/sysconfig/iptables though.
However, iptables is being replaced by nftables (similar to how iptables replaced ipchains in the past). firewalld can use either as a back end. nftables can also be configured using an iptables front-end translator (so if all you want to do is manually write iptables-style rules, that will actually still work with the nftables back-end).
I use firewalld for workstations and iptables for servers doubling as a perimeter firewall.
Gots to look up nftables. Have you converted iptables to nftables yet? Does it follow any of the iptables syntax? (I have HUNDREDS of lines of iptables.)
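As an added illustration (not part of the thread, and not the real translator), the script below shows how closely nft rule syntax tracks the common iptables rule shapes the question asks about. It is a toy translator written for this page: it handles only `-A`, `-p`, `--dport/--sport`, `-s/-d`, `-i/-o`, `-m state`/`-m conntrack` states and the ACCEPT/DROP/REJECT targets, assumes the `ip filter` table, and refuses anything else rather than guessing. The sample rules at the bottom are constructed for the demo.

```python
"""Toy translator: a few iptables -A rule shapes into 'nft add rule' lines.

Illustrative only. The shipped iptables-translate / iptables-restore-translate
tools cover far more; this shows the mapping for the most common forms.
"""
import ipaddress
import shlex

# iptables targets this toy understands, mapped to nft verdicts
VERDICTS = {"ACCEPT": "accept", "DROP": "drop", "REJECT": "reject"}


def _port(spec: str) -> str:
    """iptables writes port ranges as 1000:2000, nft as 1000-2000."""
    lo, _, hi = spec.partition(":")
    for p in (lo, hi) if hi else (lo,):
        if not 0 <= int(p) <= 65535:
            raise ValueError(f"bad port {spec!r}")
    return f"{lo}-{hi}" if hi else lo


def translate_rule(rule: str, table: str = "filter") -> str:
    """Translate one iptables -A rule (IPv4) into an equivalent nft command."""
    argv = shlex.split(rule)
    if argv and argv[0] == "iptables":
        argv = argv[1:]
    chain = verdict = proto = None
    port_used = False
    exprs = []                      # nft match expressions, in option order
    i = 0
    while i < len(argv):
        opt = argv[i]
        if i + 1 >= len(argv):
            raise ValueError(f"option {opt} needs an argument")
        arg = argv[i + 1]
        i += 2
        if opt in ("-A", "--append"):
            chain = arg
        elif opt in ("-p", "--protocol"):
            proto = arg.lower()
            exprs.append(None)      # placeholder, resolved after the loop
        elif opt in ("--dport", "--sport"):
            if proto not in ("tcp", "udp"):
                raise ValueError("--dport/--sport require -p tcp or -p udp")
            exprs.append(f"{proto} {opt[2:]} {_port(arg)}")   # e.g. 'tcp dport 22'
            port_used = True
        elif opt in ("-s", "--source", "-d", "--destination"):
            if ipaddress.ip_network(arg, strict=False).version != 4:
                raise ValueError("toy handles IPv4 only")
            side = "saddr" if opt in ("-s", "--source") else "daddr"
            exprs.append(f"ip {side} {arg}")
        elif opt in ("-i", "--in-interface"):
            exprs.append(f'iifname "{arg}"')
        elif opt in ("-o", "--out-interface"):
            exprs.append(f'oifname "{arg}"')
        elif opt in ("-m", "--match"):
            if arg not in ("state", "conntrack"):
                raise ValueError(f"match module {arg} not supported")
        elif opt in ("--state", "--ctstate"):
            exprs.append("ct state " + ",".join(s.lower() for s in arg.split(",")))
        elif opt in ("-j", "--jump"):
            if arg not in VERDICTS:
                raise ValueError(f"target {arg} not supported")
            verdict = VERDICTS[arg]
        else:
            raise ValueError(f"option {opt} not supported")
    if chain is None or verdict is None:
        raise ValueError("rule needs -A <chain> and -j <target>")
    # A bare '-p tcp' becomes 'ip protocol tcp'; once a port match names the
    # protocol ('tcp dport 22') the separate protocol test is redundant.
    final = []
    for e in exprs:
        if e is None:
            if not port_used:
                final.append(f"ip protocol {proto}")
        else:
            final.append(e)
    return " ".join(["nft", "add", "rule", "ip", table, chain, *final, "counter", verdict])


def translate_script(text: str) -> list:
    """Translate a block of -A lines; blank lines and '#' comments are skipped."""
    return [translate_rule(l.strip()) for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]


# Constructed sample in the style of a hand-written /etc/sysconfig/iptables
SAMPLE_RULES = """
# allow return traffic
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p udp --dport 53 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A INPUT -j DROP
"""

if __name__ == "__main__":
    for nft_line in translate_script(SAMPLE_RULES):
        print(nft_line)
```

The point of the toy is the shape of the mapping: `-p tcp --dport 22` becomes `tcp dport 22`, `-m state --state ...` becomes `ct state ...`, `-i eth0` becomes `iifname "eth0"`, and the target becomes a verdict. For a real rule set, the stock `iptables-restore-translate -f <your-rules-file>` does the same conversion for the whole file and handles the many match modules this sketch deliberately rejects.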