Re: default firewall utility changes for Debian 11 bullseye

To: debian-devel@lists.debian.org
Subject: Re: default firewall utility changes for Debian 11 bullseye
From: Thomas Pircher <thp+debian@p5r.uk>
Date: Wed, 17 Jul 2019 12:32:31 +0100
Message-id: <[🔎] 20190717113231.GB3685@tpccl.tty1.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20190717T131025.GA.6d068.stse@fsing.rootsland.net>
References: <[🔎] f7dd8417-a31b-73a8-b966-24167daee4f5@debian.org> <[🔎] 20190716092343.GA10695@thunder.hadrons.org> <[🔎] 20190717T131025.GA.6d068.stse@fsing.rootsland.net>

Stephan Seitz wrote:
> What would be the replacement for a simple single line like
> iptables -I INPUT -j DROP -s <ip>  -p tcp –dport 587 ?

You can use the iptables-translate. It is not foolproof and does not
always git the best results, but it can give you a good starting point
for your optimisations:

# iptables-translate -A INPUT -s 1.2.3.4  -p tcp --dport 587 -j DROP
nft add rule ip filter INPUT ip saddr 1.2.3.4 tcp dport 587 counter drop

Thomas

Reply to:

Follow-Ups:
- Re: default firewall utility changes for Debian 11 bullseye
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>

References:
- default firewall utility changes for Debian 11 bullseye
  - From: Arturo Borrero Gonzalez <arturo@debian.org>
- Re: default firewall utility changes for Debian 11 bullseye
  - From: Guillem Jover <guillem@debian.org>
- Re: default firewall utility changes for Debian 11 bullseye
  - From: Stephan Seitz <stse+debian@fsing.rootsland.net>

Prev by Date: Re: default firewall utility changes for Debian 11 bullseye
Next by Date: Re: default firewall utility changes for Debian 11 bullseye
Previous by thread: Re: default firewall utility changes for Debian 11 bullseye
Next by thread: Re: default firewall utility changes for Debian 11 bullseye
Index(es):
- Date
- Thread