Not sure if it is possible to remove iptables as such. Basically they both
run on the same underlying infrastructure. I flushed all tables, set all
policies to accept, then removed the various references to iptables when
booting (pre-up and pre-down). I also managed to get fail2ban working with
nftables (ipv4 at least).
On Sun, 25 Nov 2018 at 16:42, john lewis <zen57162(a)zen.co.uk> wrote:
On Sat, 24 Nov 2018 18:13:10 +0800
Keith Williams <keithwilliamsnp(a)gmail.com> wrote:
The iptables to nftables converter programs are an interesting case in
point. They merely change the syntax in existing rules, no combining
ipv4 and ipv6 for example - so there is duplication there within a
lot of the ruleset and the very real dangers in maintenance of
missing some edits. Some rules cannot be directly translated
programmatically. I came across an interesting article by a guy
converting. He used the software and then had to spend as long
reediting to make it work as he would have done starting from
scratch. And still ended up with separate tables for ipv4 and ipv6.
As I said I am merely offering a different viewpoint and approach
that might help someone
OK, I wasn't aware the wikis I mentioned were out of date. I did
install nftables on my laptop and used the example workstation.nft
provided by Debian to set it up. Can I now remove iptables? I hadn't
bothered setting it up as my laptop doesn't 'roam' public networks.
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
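
The duplication described in the quoted message, as an added illustration that is not from any poster in this thread: a constructed ruleset in the per-family shape a rule-by-rule translation tends to produce, beside a single `inet` table that carries the same policy for both address families. The SSH port and the ICMP types allowed are assumptions made for the example.

```nft
# Constructed example. The first two tables and the last table are
# alternatives: load either the pair or the single inet table, not all three.

# Shape 1: one table per address family, as produced by translating
# iptables and ip6tables rules separately. Every policy change has to
# be made twice, and a missed edit leaves one family more open.
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
        icmp type echo-request accept
    }
}

table ip6 filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
        # IPv6 needs neighbour discovery, which has no IPv4 counterpart
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }
}

# Shape 2: a hand-written inet table. Family-neutral rules (conntrack,
# loopback, TCP port) appear once and apply to IPv4 and IPv6 alike;
# only the ICMP rules remain family-specific.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
        icmp type echo-request accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }
}
```

A file like this can be syntax-checked without touching the live ruleset using `nft -c -f <file>`.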