![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
#1 2019-10-03 09:44:00
- chrisdb
- Member
- Registered: 2019-09-12
- Posts: 50
nftables as default firewall
Hi,
Would it be possible to add nftables as default firewall including a default config file?
I know that's the first action I take after installing a new system 
Offline
#2 2019-10-03 11:55:52
- damo
- ....moderator....
- Registered: 2015-08-20
- Posts: 6,734
Re: nftables as default firewall
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
#3 2019-10-03 12:28:43
- chrisdb
- Member
- Registered: 2019-09-12
- Posts: 50
Re: nftables as default firewall
ok, but if you want to use the nftables syntax, you still have to install the package
Also, I don't believe there's a default config file, eg for general desktop use...
Last edited by chrisdb (2019-10-03 12:28:52)
Offline
#4 2019-10-03 12:32:43
- clusterF
- Member
- Registered: 2019-05-07
- Posts: 539
Re: nftables as default firewall
Offline
#5 2019-10-03 13:51:58
- damo
- ....moderator....
- Registered: 2015-08-20
- Posts: 6,734
Re: nftables as default firewall
...
ok, but if you want to use the nftables syntax, you still have to install the package
...
My mistake - I didn't realize that you want to use nftables without installing nftables 
Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt «» BunsenLabs on DeviantArt
Offline
#6 2019-10-03 14:30:14
- Sector11
- Mod Squid Tpyo Knig
- From: Upstairs
- Registered: 2015-08-20
- Posts: 8,030
Re: nftables as default firewall
Not having installed Lithium yet does Debian Buster use the 4.10 kernel
Netfilter and nftables are used in applications such as Internet connection sharing, firewalls, IP accounting,
transparent proxying, advanced routing and traffic control.
A Linux kernel >= 3.13 is required. However, >= 4.10 is recommended.I'm good here: Kernel: 4.9.0-11-amd64 for the "required branch".
@ chrisdb - what's the advantage over iptables that come configured with BL?
I'm using a desktop as well.
Debian 12 Beardog, SoxDog and still a Conky 1.9er
Offline
#7 2019-10-03 14:46:20
- chrisdb
- Member
- Registered: 2019-09-12
- Posts: 50
Re: nftables as default firewall
My mistake - I didn't realize that you want to use nftables without installing nftables hmm
According to the Debian wiki page you mentioned, Buster indeed uses 'some sort' of nftables implementation, but with iptables syntax on a nf_tables kernel subsystem. I would rather use the nftables syntax directly
@ chrisdb - what's the advantage over iptables that come configured with BL?
I'm using a desktop as well.
From the FAQ on debian:
Why a new framework?
The previous framework (iptables) has several problems hard to address, regarding scalability, performance, code maintenance, etc..
Just want to be future safe 
Last edited by chrisdb (2019-10-03 14:47:14)
Offline