On Di, Jul 16, 2019 at 11:23:43 +0200, Guillem Jover wrote:
On Tue, 2019-07-16 at 11:07:15 +0200, Arturo Borrero Gonzalez wrote:as you may know, Debian 10 buster includes the iptables-nft utility by default, which is an iptables flavor that uses the nf_tables kernel subsystem. Is intended to help people migrate from iptables to nftables.Yeah, this was a great way to migrate, thanks!
What is the problem with using iptables-nft compared to the new nft syntax?
According to the documentation nft seems quite more complex. What would be the replacement for a simple single line like iptables -I INPUT -j DROP -s <ip> -p tcp –dport 587 ?What about other packages like fail2ban? Does it „hurt” if different programs are using iptables-nft or nft?
Shade and sweet water! Stephan -- | Public Keys: http://fsing.rootsland.net/~stse/keys.html |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature