Re: stretch vs iptables auto-start

To: debian-user@lists.debian.org
Subject: Re: stretch vs iptables auto-start
From: Gene Heskett <gheskett@shentel.net>
Date: Sun, 23 Aug 2020 21:44:00 -0400
Message-id: <[🔎] 202008232144.00905.gheskett@shentel.net>
In-reply-to: <[🔎] rhuif2$7pa$1@ciao.gmane.io>
References: <[🔎] 202008231426.19755.gheskett@shentel.net> <[🔎] rhuif2$7pa$1@ciao.gmane.io>

On Sunday 23 August 2020 16:10:10 deloptes wrote:

> Hi Gene,
>
> Gene Heskett wrote:
> > Since the big conversion of file structs vs who owns what, which
> > apparently includes running rc.local as the logged in user and not
> > as root, that has hidden the iptables stuff from everybody but root
> > since its not now in the users $PATH.
>
> I was running home brew iptables firewall until couple of months ago.
> It was time to upgrade since iptables is getting replaced by net
> filter (nftables). It was obvious that at some point an upgrade is
> inevitable.
>
> After researching some options I picked up shorewall and I am very
> happy with it.
>
> My requirement was to be able to easily configure and maintain a
> firewall with at least 3 (three) network cards Internet, Intranet and
> DMZ. Accent put on easy to configure - and I must admit the shorewall
> thing is amazing.
>
> > So what is the best way to assure this stuff gets started during a
> > reboot or restart of X? Stuff that s/b running regardless of any X
> > restarts until the next full reboot?  Stretch, uptodate plus tde
> > here.
>
> I don't know if it suits your needs - you might be looking for a
> desktop firewall, which I do not need and thus don't know ... but keep
> in mind that at some point in the future nftables will be the king.
>
> regards

At the present time I have around 80 rules, all designed to deny the 
network spiders and bots that think they have to mirror my several 
giga-byte site, 2 or 3 times a day.  And that was eating up my bandwidth 
allocation on a slow net connection.

Is there a tut someplace to guide one in converting from iptables to this 
newer nftables? I'm assumeing its a similar utility.

Thanks.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

Follow-Ups:
- Re: stretch vs iptables auto-start
  - From: deloptes <deloptes@gmail.com>

References:
- stretch vs iptables auto-start
  - From: Gene Heskett <gheskett@shentel.net>
- Re: stretch vs iptables auto-start
  - From: deloptes <deloptes@gmail.com>

Prev by Date: Re: stretch vs iptables auto-start
Next by Date: Re: Homebuilt NAS: System Drive Filesystem?
Previous by thread: Re: stretch vs iptables auto-start
Next by thread: Re: stretch vs iptables auto-start
Index(es):
- Date
- Thread