
#1 2019-10-03 09:44:00

chrisdb
Member
Registered: 2019-09-12
Posts: 50

nftables as default firewall

Hi,

Would it be possible to add nftables as default firewall including a default config file?
I know that's the first action I take after installing a new system :)


#2 2019-10-03 11:55:52

damo
....moderator....
Registered: 2015-08-20
Posts: 5,547

Re: nftables as default firewall



#3 2019-10-03 12:28:43

chrisdb
Member
Registered: 2019-09-12
Posts: 50

Re: nftables as default firewall

OK, but if you want to use the nftables syntax, you still have to install the package :)
Also, I don't believe there's a default config file, e.g. for general desktop use...

Last edited by chrisdb (2019-10-03 12:28:52)


#4 2019-10-03 12:32:43

clusterF
Member
Registered: 2019-05-07
Posts: 503

Re: nftables as default firewall



#5 2019-10-03 13:51:58

damo
....moderator....
Registered: 2015-08-20
Posts: 5,547

Re: nftables as default firewall

chrisdb wrote:

...
ok, but if you want to use the nftables syntax, you still have to install the package :)
...

My mistake - I didn't realize that you want to use nftables without installing nftables :/



#6 2019-10-03 14:30:14

Sector11
Conky 1.9er Mod Squid
From: Upstairs
Registered: 2015-08-20
Posts: 5,840

Re: nftables as default firewall

Not having installed Lithium yet: does Debian Buster use the 4.10 kernel?

Netfilter and nftables are used in applications such as Internet connection sharing, firewalls, IP accounting, transparent proxying, advanced routing and traffic control.

A Linux kernel >= 3.13 is required. However, >= 4.10 is recommended.

I'm good here: Kernel: 4.9.0-11-amd64 for the "required branch".

@ chrisdb - what's the advantage over iptables that comes configured with BL?
I'm using a desktop as well.



#7 2019-10-03 14:46:20

chrisdb
Member
Registered: 2019-09-12
Posts: 50

Re: nftables as default firewall

damo wrote:

My mistake - I didn't realize that you want to use nftables without installing nftables :/

According to the Debian wiki page you mentioned, Buster indeed uses 'some sort' of nftables implementation, but with iptables syntax on an nf_tables kernel subsystem. I would rather use the nftables syntax directly :)

Sector11 wrote:

@ chrisdb - what's the advantage over iptables that come configured with BL?
I'm using a desktop as well.

From the FAQ on Debian:

Why a new framework?
The previous framework (iptables) has several problems hard to address, regarding scalability, performance, code maintenance, etc..

Just want to be future safe ;)

Last edited by chrisdb (2019-10-03 14:47:14)
