Re: What is the best practice for a firewall for Debian Buster: iptables or nftables?
Hi,
20 June 2020 at 16:24, from tom.browder@gmail.com:
> I see it's recommended that Buster users use nftables, but the default
> installation still uses iptables!
>
True & false.
Actually, as explained on https://wiki.debian.org/nftables, Buster uses an "iptables-nft layer (i.e, using iptables syntax with the nf_tables kernel subsystem). This also affects ip6tables, arptables and ebtables."
> I need to change ports on my new remote server to allow http and https
> traffic, but should I keep using iptables? Or should I remove iptables
> and install nftables first?
>
You decide. iptables is being progressively superseded by nftables. However, the former is still heavily used.
nftables is the future, that's why I've chosen it. But it requires a little more effort (new syntax) if you are used to iptables, even if it's considered easier and some tools help with the migration...
> If I keep iptables, should I add a firewall management program like
> ufw or something else? Is there something like ufw for nftables?
>
Again, you decide, considering what you are comfortable with.
I don't think ufw works with nftables, but you have firewalld instead, which works with both, I've been told.
Or you can use nftables directly...
Best regards,
l0f4r0
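
For the "use nftables directly" option mentioned above, here is a minimal ruleset for a remote web server, added as an example and not part of the original message. It assumes SSH listens on the default port 22 and that the file is saved as /etc/nftables.conf, the path Debian's nftables package loads at boot.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original message): default-deny inbound
# policy for a remote server that serves HTTP and HTTPS.

# Start from a clean state so stale rules cannot linger.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and ongoing sessions.
        ct state established,related accept
        # Packets that match no known connection are dropped early.
        ct state invalid drop

        # Local services talking over loopback.
        iif "lo" accept

        # ICMP and ICMPv6: needed for path MTU discovery and, on IPv6,
        # neighbour discovery.
        meta l4proto icmp accept
        meta l4proto ipv6-icmp accept

        # Assumption: SSH on port 22. Keep this rule in place on a remote
        # machine, otherwise loading the ruleset ends your own access.
        tcp dport 22 accept

        # The ports asked about in the question: http and https.
        tcp dport { 80, 443 } accept
    }

    chain forward {
        # This host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

The `inet` family covers IPv4 and IPv6 in one table, so no separate ip6tables-style rules are needed. Running `nft -c -f /etc/nftables.conf` checks the syntax without applying anything, and `nft list ruleset` shows what is loaded afterwards.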