
#1 2019-10-03 09:44:00

chrisdb
Member
Registered: 2019-09-12
Posts: 42

nftables as default firewall

Hi,

Would it be possible to add nftables as default firewall including a default config file?
I know that's the first action I take after installing a new system :)


#2 2019-10-03 11:55:52

damo
....moderator....
Registered: 2015-08-20
Posts: 5,157

Re: nftables as default firewall


Be Excellent to Each Other...

FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt


#3 2019-10-03 12:28:43

chrisdb
Member
Registered: 2019-09-12
Posts: 42

Re: nftables as default firewall

OK, but if you want to use the nftables syntax, you still have to install the package :)
Also, I don't believe there's a default config file, e.g. for general desktop use...

Last edited by chrisdb (2019-10-03 12:28:52)


#4 2019-10-03 12:32:43

clusterF
Member
Registered: 2019-05-07
Posts: 234


#5 2019-10-03 13:51:58

damo
....moderator....
Registered: 2015-08-20
Posts: 5,157

Re: nftables as default firewall

chrisdb wrote:

...
OK, but if you want to use the nftables syntax, you still have to install the package :)
...

My mistake - I didn't realize that you want to use nftables without installing nftables :/



#6 2019-10-03 14:30:14

Sector11
The Tpyo Knig Mod
From: 77345 ¡#
Registered: 2015-08-20
Posts: 5,632

Re: nftables as default firewall

Not having installed Lithium yet, does Debian Buster use the 4.10 kernel?

 Netfilter and nftables are used in applications such as Internet connection sharing, firewalls, IP accounting,
 transparent proxying, advanced routing and traffic control. 
 
 A Linux kernel >= 3.13 is required. However, >= 4.10 is recommended.

I'm good here: Kernel: 4.9.0-11-amd64 for the "required branch".

@ chrisdb - what's the advantage over iptables that come configured with BL?
I'm using a desktop as well.


BunsenLabs Forum Rules ---== I'm a Conky 1.9'er ==---
System:    Host: d67 Kernel: 4.9.0-9-amd64 x86_64 (64 bit gcc: 6.3.0)
Desktop: Openbox 3.6.1 Distro: Debian GNU/Linux 9 (stretch)


#7 2019-10-03 14:46:20

chrisdb
Member
Registered: 2019-09-12
Posts: 42

Re: nftables as default firewall

damo wrote:

My mistake - I didn't realize that you want to use nftables without installing nftables :/

According to the Debian wiki page you mentioned, Buster indeed uses 'some sort' of nftables implementation, but with iptables syntax on an nf_tables kernel subsystem. I would rather use the nftables syntax directly :)

Sector11 wrote:

@ chrisdb - what's the advantage over iptables that come configured with BL?
I'm using a desktop as well.

From the FAQ on Debian:

Why a new framework?
The previous framework (iptables) has several problems hard to address, regarding scalability, performance, code maintenance, etc.

Just want to be future safe ;)

Last edited by chrisdb (2019-10-03 14:47:14)

