Re: [bitfolk] NFTables

Author: Keith Williams
Date:  
To: BitFolk Users
Subject: Re: [bitfolk] NFTables
The iptables to nftables converter programs are an interesting case in
point. They merely change the syntax in existing rules, no combining ipv4
and ipv6 for example - so there is duplication there within a lot of the
ruleset and the very real dangers in maintenance of missing some edits.
Some rules cannot be directly translated programmatically. I came across an
interesting article by a guy converting. He used the software and then had
to spend as long re-editing to make it work as he would have done starting
from scratch. And still ended up with separate tables for ipv4 and ipv6.
As I said I am merely offering a different viewpoint and approach that
might help someone.


On Sat, 24 Nov 2018 at 18:02, Keith Williams <keithwilliamsnp@???>
wrote:

> Yes there are. But not on the Bitfolk wiki. I have also found errors on
> each one of them or outdated information, so I am attempting to document
> my journey through these to achieve a working nftables firewall utilising
> the new features with minimum code. There are many routes to the goal. The
> official wiki, for example, gives some example code which even if copied
> and pasted is rejected by nft. It also recommends one particular method of
> adding rulesets whilst discouraging another method, then because many of
> the pages are out of date uses the "bad" method. Nft is evolving quite
> fast, but some parts of the already published information have been left
> behind.
> If nothing else it will give another choice to people wanting to try it.
>
>
> On Sat, 24 Nov 2018 at 16:37, john lewis <zen57162@???> wrote:
>
>> On Sat, 24 Nov 2018 12:39:12 +0800
>> Keith Williams <keithwilliamsnp@???> wrote:
>>
>> > I have put the first part of the wiki article up, still a lot to write
>> > though. Will add more later, aiming to finish by the end of the
>> > weekend. I am in the GMT + 8 timezone and it is time for siesta (and
>> > being a weekend, a beer as well)
>>
>> There are already several wikis for nftables:-
>>
>> https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
>>
>>
>> https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
>>
>> and a Debian specific one (plus other distro specific ones)
>> https://wiki.debian.org/nftables
>>
>>
>>
>> --
>> John Lewis
>>
>> _______________________________________________
>> users mailing list
>> users@???
>> https://lists.bitfolk.com/mailman/listinfo/users
>>
>
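
The maintenance risk raised at the top of this thread (converted rulesets keeping separate IPv4 and IPv6 tables, so an edit can land in one and be missed in the other) can be checked mechanically. The following is an added example, not part of the original messages: a Python script that compares `ip` and `ip6` chains of the same name in `nft list ruleset`-style text. The sample ruleset and the function names `parse_rules` and `family_drift` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the kind of ruleset a rule-by-rule iptables translation
# leaves behind, after a later edit (port 443) was applied to IPv4 only.
SAMPLE = """\
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport 22 accept
        tcp dport 443 accept
    }
}
table ip6 filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport 22 accept
        meta l4proto ipv6-icmp accept
    }
}
"""

def parse_rules(text):
    """Map (family, table, chain) -> list of rule lines."""
    rules, table, chain = defaultdict(list), None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"table\s+(\S+)\s+(\S+)\s*\{$", line):
            table = (m.group(1), m.group(2))
        elif m := re.match(r"chain\s+(\S+)\s*\{$", line):
            chain = m.group(1)
        elif line == "}":
            # A closing brace ends the chain if one is open, else the table.
            table, chain = (table, None) if chain else (None, None)
        elif table and chain and line and not line.startswith(("#", "type ", "policy ")):
            rules[(*table, chain)].append(line)
    return rules

def family_drift(text):
    """For each table/chain name, split rules into shared, ip-only, ip6-only."""
    rules = parse_rules(text)
    report = {}
    for t, c in sorted({(t, c) for f, t, c in rules if f in ("ip", "ip6")}):
        v4, v6 = rules.get(("ip", t, c), []), rules.get(("ip6", t, c), [])
        report[(t, c)] = {"shared": [r for r in v4 if r in v6],
                          "ip_only": [r for r in v4 if r not in v6],
                          "ip6_only": [r for r in v6 if r not in v4]}
    return report
```

Rules reported as `shared` are the duplication that a single `inet` table would hold once; anything in `ip_only` or `ip6_only` is either genuinely family-specific (such as the ICMPv6 rule) or an edit that reached only one family and needs review.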