On Sat, 24 Nov 2018 18:13:10 +0800
Keith Williams <keithwilliamsnp(a)gmail.com> wrote:
The iptables to nftables converter programs are an interesting case in
point. They merely change the syntax in existing rules, no combining
ipv4 and ipv6 for example - so there is duplication there within a
lot of the ruleset and the very real dangers in maintenance of
missing some edits. Some rules cannot be directly translated
programmatically. I came across an interesting article by a guy
converting. He used the software and then had to spend as long
re-editing to make it work as he would have done starting from
scratch. And still ended up with separate tables for ipv4 and ipv6.
As I said, I am merely offering a different viewpoint and approach
that might help someone.

OK, I wasn't aware the wikis I mentioned were out of date. I did
install nftables on my laptop and used the example workstation.nft
provided by Debian to set it up. Can I now remove iptables? I hadn't
bothered setting it up as my laptop doesn't 'roam' public networks.
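
The maintenance risk raised in the quoted message (an edit reaching the ipv4 table but not its ipv6 twin) can be checked mechanically. The following is an added example, not code from either poster or from nftables: the ruleset is constructed, `parse` and `drift` are hypothetical helper names, and it assumes `nft list ruleset`-style text with one rule per line.

```python
import re

# Constructed sample: converted family by family, then tcp dport 443 was added to ip only.
RULESET = """
table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport 22 accept
        tcp dport 443 accept
        icmp type echo-request accept
    }
}
table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        tcp dport 22 accept
        icmpv6 type echo-request accept
    }
}
"""

# Matches that tie a rule to one address family; such rules legitimately differ.
FAMILY_SPECIFIC = re.compile(r"\b(ip|ip6|icmp|icmpv6)\b")

def parse(text):
    """Return {(family, table, chain): [rule, ...]} for each chain that has rules."""
    rules, family, table, chain = {}, None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"table (\w+) (\S+) \{", line):
            family, table = m.groups()
        elif m := re.match(r"chain (\S+) \{", line):
            chain = m.group(1)
        elif line == "}":  # closes the chain if one is open, otherwise the table
            chain, table = None, (table if chain else None)
        elif line and chain and not line.startswith("type "):
            rules.setdefault((family, table, chain), []).append(line)
    return rules

def drift(text):
    """Family-agnostic rules found in only one of an ip chain and its ip6 twin."""
    rules, out = parse(text), []
    for (family, table, chain), v4 in rules.items():
        if family != "ip":
            continue
        v6 = rules.get(("ip6", table, chain), [])
        out += [(table, chain, "ip" if r in v4 else "ip6", r)
                for r in sorted(set(v4) ^ set(v6)) if not FAMILY_SPECIFIC.search(r)]
    return out
```

Every rule this reports is a candidate for a single `table inet` chain, where it is written once and covers both families.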