Re: [bitfolk] NFTables

Author: Keith Williams
Date:  
To: BitFolk Users
Subject: Re: [bitfolk] NFTables
Not sure if it is possible to remove iptables as such. Basically they both
run on the same underlying infrastructure. I flushed all tables, set all
policies to accept, then removed the various references to iptables when
booting (pre-up and pre-down). I also managed to get fail2ban working with
nftables (ipv4 at least).

On Sun, 25 Nov 2018 at 16:42, john lewis <zen57162@???> wrote:

> On Sat, 24 Nov 2018 18:13:10 +0800
> Keith Williams <keithwilliamsnp@???> wrote:
>
> > The iptables to nftables converter programs are an interesting case in
> > point. They merely change the syntax in existing rules, no combining
> > ipv4 and ipv6 for example - so there is duplication there within a
> > lot of the ruleset and the very real dangers in maintenance of
> > missing some edits. Some rules cannot be directly translated
> > programmatically. I came across an interesting article by a guy
> > converting. He used the software and then had to spend as long
> > re-editing to make it work as he would have done starting from
> > scratch. And still ended up with separate tables for ipv4 and ipv6.
> > As I said, I am merely offering a different viewpoint and approach
> > that might help someone.
> >
>
> OK, I wasn't aware the wikis I mentioned were out of date. I did
> install nftables on my laptop and used the example workstation.nft
> provided by Debian to set it up. Can I now remove iptables? I hadn't
> bothered setting it up as my laptop doesn't 'roam' public networks.
>
>
> _______________________________________________
> users mailing list
> users@???
> https://lists.bitfolk.com/mailman/listinfo/users
>
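
The duplication discussed in this thread, as an added example that is not from any of the posters or from Debian's workstation.nft: the commented-out block is the per-family layout a syntax-only conversion leaves behind, and the live block is a hand-written single `inet` table with the same rules. The open port (22) and the ICMP types allowed are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Constructed example; port and ICMP choices are assumptions, not from the thread.

flush ruleset

# Layout left by a syntax-only conversion: one table per address family,
# so every shared rule exists twice and must be edited twice.
#
# table ip filter {
#     chain INPUT {
#         type filter hook input priority 0; policy drop;
#         ct state established,related accept
#         iifname "lo" accept
#         icmp type echo-request accept
#         tcp dport 22 accept
#     }
# }
# table ip6 filter {
#     chain INPUT {
#         type filter hook input priority 0; policy drop;
#         ct state established,related accept
#         iifname "lo" accept
#         icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
#         tcp dport 22 accept
#     }
# }

# Same policy written by hand: the inet family sees both IPv4 and IPv6
# packets, so each shared rule is written once.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept

        # Family-specific matches are still allowed inside an inet table;
        # each one only ever matches packets of its own family.
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Shared rule: a port change here covers IPv4 and IPv6 together.
        tcp dport 22 accept
    }
}
```

`nft -c -f <file>` parses the file without applying it, and `nft list ruleset` shows what is actually loaded afterwards.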