Re: Migrating to Debian - which firewall ?
"Alexander V. Makartsev" <avbetev@gmail.com> wrote:
> On 1/19/26 14:49, Nicolas Kovacs wrote:
> > Hi,
> >
> > I'm a long-time Linux user (two and a half decades since Slackware
> > 7.1). I've been using RHEL clones mainly for the last ten years or
> > so, on desktops as well as servers (local and Internet-facing). For
> > firewalling I simply chose the default Firewalld.
> >
> > I understand under Debian there are different possibilities to
> > handle firewalls. As far as I understand, ufw (Uncomplicated
> > firewall) seems to be the default, though Firewalld seems to be an
> > option.
> >
> > Any recommendations ?
> You can use pure "iptables" and "iptables-persistent" as a third
> option. It will be more efficient to learn iptables syntax and use it
> on any distro than learning the syntax of different wrappers for
> iptables like ufw and the others.
> Develop a simple ruleset and manage it with command line utils or
> directly edit the rules files with a text editor.
As you point out below, iptables is being replaced by nftables so
choosing now to learn iptables seems a silly idea. So it seems wiser to
use a frontend like ufw or firewalld that both support either backend.
I suppose ufw is simpler but firewalld may be more familiar to Nicolas.
> There is also a new kid around called "nft" which should replace
> iptables, but its syntax is super weird and non-intuitive for me, so
> I consider it a downgrade.
> Luckily iptables' syntax is still supported via iptables-to-nft rules
> translation with support for most iptables extensions, so for
> the time being iptables syntax will stay available for use.