The iptables to nftables converter programs are an interesting case in
point. They merely change the syntax in existing rules, no combining ipv4
and ipv6 for example - so there is duplication there within a lot of the
ruleset and the very real dangers in maintenance of missing some edits.
Some rules cannot be directly translated programmatically. I came across an
interesting article by a guy converting. He used the software and then had
to spend as long re-editing to make it work as he would have done starting
from scratch. And still ended up with separate tables for ipv4 and ipv6.
As I said I am merely offering a different viewpoint and approach that
might help someone.
On Sat, 24 Nov 2018 at 18:02, Keith Williams <keithwilliamsnp(a)gmail.com> wrote:
Yes there are. But not on the Bitfolk wiki. I have also found errors on
each one of them or outdated information, so I am attempting to document
my journey through these to achieve a working nftables firewall utilising
the new features with minimum code. There are many routes to the goal. The
official wiki, for example, gives some example code which even if copied
and pasted is rejected by nft. It also recommends one particular method of
adding rulesets whilst discouraging another method, then because many of
the pages are out of date uses the "bad" method. Nft is evolving quite
fast, but some parts of the already published information have been left
behind.
If nothing else it will give another choice to people wanting to try it.
On Sat, 24 Nov 2018 at 16:37, john lewis <zen57162(a)zen.co.uk> wrote:
On Sat, 24 Nov 2018 12:39:12 +0800
Keith Williams <keithwilliamsnp(a)gmail.com> wrote:
I have put the first part of the wiki article up, still a lot to write
though. Will add more later, aiming to finish by the end of the
weekend. I am in the GMT + 8 timezone and it is time for siesta (and
being a weekend, a beer as well)
There are already several wikis for nftables:-
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_n…
and a Debian specific one (plus other distro specific ones)
https://wiki.debian.org/nftables
--
John Lewis
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
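
As an added illustration of the duplication risk raised in the first message (not code from anyone in the thread): a small Python check that parses ruleset text in the layout of `nft list ruleset` and reports, per chain, which lines the `ip` and `ip6` tables share and which exist in only one family. The sample ruleset is constructed, the function names are hypothetical, and the parser assumes tables that contain only plain chains (no sets or maps).

```python
import re

# Constructed sample: what a syntax-only conversion leaves, one table per family.
SAMPLE = """\
table ip filter {
  chain input {
    type filter hook input priority 0; policy drop;
    tcp dport 22 accept
    tcp dport 443 accept
    icmp type echo-request accept
  }
}
table ip6 filter {
  chain input {
    type filter hook input priority 0; policy drop;
    tcp dport 22 accept
    icmpv6 type echo-request accept
  }
}
"""

def parse_ruleset(text):
    """Return {(family, table): {chain: [line, ...]}}; lines include the hook/policy line."""
    tables, table, chain = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"table (\w+) (\S+) \{", line):
            table = tables.setdefault((m[1], m[2]), {})
        elif (m := re.fullmatch(r"chain (\S+) \{", line)) and table is not None:
            chain = table.setdefault(m[1], [])
        elif line == "}":  # closes the open chain if any, otherwise the table
            if chain is not None:
                chain = None
            else:
                table = None
        elif line and chain is not None:
            chain.append(line)
    return tables

def compare_families(text, name="filter"):
    """Per chain, split lines into shared by ip/ip6 and present in only one family."""
    tables = parse_ruleset(text)
    v4, v6 = tables.get(("ip", name), {}), tables.get(("ip6", name), {})
    report = {}
    for chain in sorted(set(v4) | set(v6)):
        a, b = v4.get(chain, []), v6.get(chain, [])
        report[chain] = {"shared": [r for r in a if r in b],
                         "ip_only": [r for r in a if r not in b],
                         "ip6_only": [r for r in b if r not in a]}
    return report
```

Lines in `shared` are candidates for a single `inet` table; lines found in only one family are either genuinely protocol-specific (the ICMP rules) or an edit that was missed in the other table (port 443 here).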