On 2/24/21 2:01 PM, Steve Litt wrote:
> Hi all,
>
> I'm now at the stage where I need a firewall on my Devuan VM guest,
> and I don't know how to do it. I have the iptables package installed,
> and /usr/sbin/iptables is a command, but I have no idea where to go
> from there. Is there a file that iptables uses to define which ports
> are blocked?
There is an awful lot of inertia for iptables, more than there was for
ipchains, but iptables is rather difficult to learn and use. It has
also been succeeded by nftables, which is where the development is
happening. So even though Beowulf seems to come with iptables, I would
recommend removing iptables and installing with nft.
See:
https://wiki.nftables.org/
https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes
Furthermore, nftables keeps its configuration in a single file:
/etc/nftables.conf which is then read on startup, once nftables is
activated in sysvinit or openrc. Though it is very different, I find
that nft makes a bit more sense. It is also supposed to be more
efficient. YMMV.
/Lars
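
For reference, a minimal /etc/nftables.conf of the kind the reply points to. This is an added example, not part of the original message or of Devuan's packaged default; it assumes the guest should accept only inbound SSH on TCP port 22, and the table and chain names are illustrative.

```nftables
#!/usr/sbin/nft -f
# Constructed example for /etc/nftables.conf; not from the original post.

# Start from an empty ruleset so reloading this file is idempotent.
flush ruleset

table inet filter {
    chain input {
        # Default-deny: anything not matched below is dropped.
        type filter hook input priority 0; policy drop;

        # Allow replies to connections this host initiated.
        ct state established,related accept
        # Drop packets conntrack cannot associate with a valid flow.
        ct state invalid drop

        # Local traffic on the loopback interface.
        iif "lo" accept

        # ICMP and ICMPv6 (path MTU discovery, IPv6 neighbour discovery).
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # Assumption: SSH on TCP 22 is the only inbound service.
        tcp dport 22 accept
    }

    chain forward {
        # The guest is not a router, so forward nothing.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound traffic is unrestricted in this example.
        type filter hook output priority 0; policy accept;
    }
}
```

`nft -c -f /etc/nftables.conf` checks the file without loading it, and `nft list ruleset` shows what is currently active.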