
Re: Migrating to Debian - which firewall ?



Kamil Jońca wrote: 
> "Alexander V. Makartsev" <avbetev@gmail.com> writes:
> 
> [...]
> >
> > There is also a new kid around called "nft" which should replace
> > iptables, but its syntax is super weird and non-intuitive for me, so I
> > consider it a downgrade.
> 
> I disagree. I was a happy iptables user and some time ago I migrated my
> rules to nftables. Indeed this is no 1-1 migration, you have to rethink
> your rules, but IMO this is more comfortable.
> The main difference (IMO) is that most of your dynamic logic should go to
> sets, not to the rules themselves.


It is also true that iptables was re-implemented as a front-end
to nft in a previous Debian Stable release, so if you don't want
any of the new nft features, you can continue using iptables
as-is.

-dsr-
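
The point above about moving dynamic logic into sets, as an added example that is not part of the original thread: a small nftables ruleset where the rules stay fixed and only set contents change. The table, chain and set names, the addresses (documentation ranges) and the rate and timeout values are all constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example: names, addresses and limits are assumptions.
flush ruleset

table inet filter {
    # Static allow-list: administrators edit elements, never the rules.
    set admin_hosts {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    # Per-source rate tracker, filled by the ruleset itself.
    set ssh_meter {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }

    # Sources that exceeded the rate; entries expire on their own.
    set ssh_blocked {
        type ipv4_addr
        flags dynamic, timeout
        timeout 10m
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Allow-listed hosts reach SSH before any rate limiting applies.
        tcp dport 22 ip saddr @admin_hosts accept

        # Temporarily blocked sources are dropped by set lookup.
        ip saddr @ssh_blocked drop

        # A source opening more than 5 new SSH connections per minute
        # is added to ssh_blocked; with iptables this needs the
        # "recent" or "hashlimit" match plus extra rules.
        tcp dport 22 ct state new update @ssh_meter { ip saddr limit rate over 5/minute } add @ssh_blocked { ip saddr } drop
        tcp dport 22 ct state new accept
    }
}
```

Set contents can be changed at runtime without reloading the rules, for example with `nft add element inet filter admin_hosts { 203.0.113.7 }`, and inspected with `nft list set inet filter ssh_blocked`.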

