Not sure if it is possible to remove iptables as such. Basically they both run on the same underlying infrastructure. I flushed all tables, set all policies to accept, then removed the various references to iptables when booting (pre-up and pre-down). I also managed to get fail2ban working with nftables (ipv4 at least).

On Sun, 25 Nov 2018 at 16:42, john lewis <zen57162@zen.co.uk> wrote:
On Sat, 24 Nov 2018 18:13:10 +0800
Keith Williams <keithwilliamsnp@gmail.com> wrote:

> The iptables to nftables converter programs are an interesting case in
> point. They merely change the syntax in existing rules, no combining
> ipv4 and ipv6 for example - so there is duplication there within a
> lot of the ruleset and the very real dangers in maintenance of
> missing some edits. Some rules cannot be directly translated
> programmatically. I came across an interesting article by a guy
> converting. He used the software and then had to spend as long
> reediting to make it work as he would have done starting from
> scratch. And still ended up with separate tables for ipv4 and ipv6.
> As I said I am merely offering a different viewpoint and approach
> that might help someone
>

OK, I wasn't aware the wikis I mentioned were out of date. I did
install nftables on my laptop and used the example workstation.nft
provided by Debian to set it up. Can I now remove iptables? I hadn't
bothered setting it up as my laptop doesn't 'roam' public networks.


_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users