Re: Migrating to Debian - which firewall ?
Hi
> As you point out below, iptables is being replaced by nftables so
> choosing now to learn iptables seems a silly idea. So it seems wiser to
> use a frontend like ufw or firewalld that both support either backend.
>
> I suppose ufw is simpler but firewalld may be more familiar to Nicolas.
>
> > There is also a new kid around called "nft" which should replace
> > iptables, but its syntax is super weird and non-intuitive for me, so
> > I consider it a downgrade.
> > Luckily iptables' syntax is still supported via iptables-to-nft rules
> > translation with support for most of the iptables extensions, so for
> > the time being iptables syntax will stay available for use.
After some effort I switched to nftables. I enabled the nftables systemd service
and filled /etc/nftables.conf with my conf. I have simple needs, but one thing
that I like is the ability to have the same rule for IPv4 and IPv6 ports.
There are some interesting examples online:
https://wiki.archlinux.org/title/Nftables#Examples
https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_server
Thanks,
Alex
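
Added example, not part of the message above and not Alex's actual configuration: an /etc/nftables.conf using the `inet` family, where a single port rule applies to both IPv4 and IPv6 traffic. The table and chain names and the open ports (22, 80, 443) are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f

# Start from a clean state so reloading the file is idempotent.
flush ruleset

# "inet" tables see both IPv4 and IPv6 packets, so each rule below
# is written once instead of once per address family.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Allow replies to connections this host initiated.
        ct state established,related accept
        ct state invalid drop

        # Loopback traffic.
        iif "lo" accept

        # ICMP and ICMPv6 are distinct protocols and need their own
        # matches; IPv6 depends on ICMPv6 for neighbour discovery.
        meta l4proto icmp accept
        meta l4proto ipv6-icmp accept

        # One rule, both address families (ports are assumptions).
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f /etc/nftables.conf`, and the active ruleset inspected with `nft list ruleset`.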