On Wed, 2021-02-24 at 16:00 +0200, Lars Noodén via Dng wrote:
> There is an awful lot of inertia for iptables, more than there was
> for
> ipchains, but iptables is rather difficult to learn and use. It has
> also been succeeded by nftables, which is where the development is
> happening. So even though Beowuulf seems to come with iptables, I
> would
> recommend removing iptables and installing with nft.
>
> See:
>
> https://wiki.nftables.org/
>
> https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes
>
> Furthermore, nftables keeps its configuration in a single file:
> /etc/nftables.conf which is then read on startup, once nftables is
> activate in sysvinit or openrc. Though it is very different, I find
> that nft makes a bit more sense. It is also supposed to be more
> efficient. YMMV.
>
> /Lars

If I understand correctly, the iptables cli that we use now is just a
wrapper around nftables.

The increased functionality of nftables is intriguing. The increased
verbosity was a turnoff, but if it's necessary for increased
functionality it's understandable.

Gabe