Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Moving from iptables to nftables
31 views
Skip to first unread message
William Torrez Corea
Apr 2, 2021, 5:30:05 AM4/2/21
to
Actually i'm moving/migrating from the old iptables/xtables (legacy) world to the new nftables framework.
I execute step by step the migration process:
- generate a translation of an iptables/ip6tables command to know the nftables equivalent
- Translate the whole ruleset in a single run
I using the nf_tables compat backend. I suppose that translation to native nftables syntax is done if available but I don't get any result.
sudo ebtables-nft -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
With kindest regards, William. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄⠀⠀⠀⠀
Alexander V. Makartsev
Apr 2, 2021, 6:40:05 AM4/2/21
to
On 02.04.2021 14:23, William Torrez
Corea wrote:
Actually i'm moving/migrating from the old iptables/xtables (legacy) world to the new nftables framework.
I execute step by step the migration process:
- generate a translation of an iptables/ip6tables command to know the nftables equivalent
- Translate the whole ruleset in a single run
I using the nf_tables compat backend. I suppose that translation to native nftables syntax is done if available but I don't get any result.
sudo ebtables-nft -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
Are you sure you need a ruleset for ethernet bridges (ebtables-nft)
and not for packet filtering and NAT (iptables-nft)?
-- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄⠀⠀⠀⠀
Georgi Naplatanov
Apr 2, 2021, 6:40:05 AM4/2/21
to
On 4/2/21 12:23 PM, William Torrez Corea wrote:
> Actually i'm moving/migrating from the old iptables/xtables (legacy)
> world to the new nftables framework.
>
> I execute step by step the migration process:
>
> 1. generate a translation of an iptables/ip6tables command to know the
> Actually i'm moving/migrating from the old iptables/xtables (legacy)
> world to the new nftables framework.
>
> I execute step by step the migration process:
>
> nftables equivalent
> 2. Translate the whole ruleset in a single run
>
> I using the nf_tables compat backend. I suppose that translation to
> native nftables syntax is done if available but I don't get any result.
>
> *sudo ebtables-nft -L*
> I using the nf_tables compat backend. I suppose that translation to
> native nftables syntax is done if available but I don't get any result.
>
> *
> *
> *Bridge table: filter
>
> Bridge chain: INPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: FORWARD, entries: 0, policy: ACCEPT
>
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT*
> Bridge chain: INPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: FORWARD, entries: 0, policy: ACCEPT
>
>
>
Hi William,
if your firewall configuration is not too complex then you can use
"gufw" GUI program to set up your firewall. gufw is GUI for ufw (Ubuntu
FireWall) and both are available in Debian repository.
HTH
Kind regards
Georgi
0 new messages