On 11/19/19 3:01 AM, Tom H wrote:
> On Mon, Nov 18, 2019 at 1:09 AM Ed Greshko
> <ed.greshko(a)greshko.com> wrote:
>> On 11/18/19 6:27 AM, Patrick O'Callaghan wrote:
>>> I've never heard of nftables. I assumed that iptables was the backend.
>> Yes, firewalld uses iptables.
>>
>> nftables is a different animal. nftables.service is disabled by default. See
>> /etc/sysconfig/nftables.conf for "hints"
> nftables is a successor to iptables, whose binaries now mostly symlink
> to "xtables-legacy-multi". There's a hint in the name... So those of
> us who use iptables directly are going to have to learn the nftables
> syntax within the next 1/2/5/10/? years.
> https://firewalld.org/2018/07/nftables-backend
> https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables
> And there's also bpfilter.
Humm... Learn something new every day.
Thanks!
--
The key to getting good answers is to ask good questions.