LinuxQuestions.org
Old 09-25-2019, 02:28 AM   #1
Dynosaw3
Member
 
Registered: Feb 2016
Posts: 48

Rep: Reputation: Disabled
Transition iptables to nftables


I'm doing a pre-study before taking the plunge and installing Debian Buster. This implies building a firewall in nftables, which is new to me.
We're talking of a simple stand-alone, domestic, AMD-64 box with no frills.

QUESTION:
It seems that Tables have to be separately and explicitly declared in the nftables script/ruleset.
But is it essential to declare tables which will not be needed, for example MANGLE and RAW?
And how will the traffic filtering be affected if these tables are omitted (i.e. deliberately not declared)?

Can anyone help please?
Thanks in advance.
Dynosaw3
--
 
Old 09-26-2019, 08:04 PM   #2
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,272

Rep: Reputation: 154
I've just started looking into this. I've a router that I plan to update from Stretch to Buster over Christmas.

The old iptables tools remain, at least in Buster, I assume for the purpose of backwards compatibility with existing scripts and software. There are also migration tools to convert/transform your iptables rulesets into nft ones. So, if you already have a list of iptables rules, making use of the migration would seem to be a sensible way to go.

I don't see why you would need to declare the MANGLE and RAW tables if you are not going to add any rules to them. If there are no rules in these tables, they're not going to do anything to the traffic. When I save the ruleset on my Buster laptop (that uses iptables to configure the rules still) it only mentions the filter table, not the others (I only configure the filter table with my iptables rules).

Sorry, they're not exactly concrete answers, but I thought a few pointers would be better than leaving this unanswered.
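
An added illustration of the point discussed above (not part of either poster's messages): a minimal nftables ruleset for a stand-alone box that declares a single table. nftables has no built-in tables, so nothing has to stand in for the unused mangle and raw tables; the table name `filter` and the particular accept rules are assumptions chosen for this example.

```nft
#!/usr/sbin/nft -f
# Example ruleset for a single stand-alone host (assumed: no forwarding,
# no inbound services). Only one table is declared. There is no mangle
# or raw table here, and none is required: traffic only meets the chains
# that are actually hooked below.

flush ruleset

# "inet" covers IPv4 and IPv6 in one table. The name "filter" is just a
# label chosen for this example; nftables attaches no meaning to it.
table inet filter {
    chain input {
        # The hook and priority decide where the chain sits in the
        # packet path, not the table it lives in.
        type filter hook input priority 0; policy drop;

        ct state established,related accept   # replies to our own traffic
        iif "lo" accept                       # loopback
        ct state invalid drop

        ip protocol icmp accept               # IPv4 ICMP (ping, errors)
        meta l4proto ipv6-icmp accept         # IPv6 neighbour discovery etc.

        # Anything not matched above falls to the drop policy.
    }

    chain forward {
        # This host is not a router, so forward nothing.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`.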
 
Old 09-27-2019, 04:26 AM   #3
Dynosaw3
Member
 
Registered: Feb 2016
Posts: 48

Original Poster
Rep: Reputation: Disabled
Thanks very much for your reaction.
You answered my question.
[Quote]
"If there are no rules in these tables, they're not going to do anything to the traffic."
[unquote]
That's what I wanted to know.
Again thanks.
Dynosaw
 
  

