On Wed, Feb 24, 2021 at 07:26:35AM -0700, Gabe Stanton via Dng wrote:
> If I understand correctly, the iptables cli that we use now is just a
> wrapper around nftables.

Actually, there are two independent subsystems. They're managed by two
userspace tools:
* iptables-legacy
* iptables-nft

Rules set by one of them are not visible to the other. This may give a
nasty surprise if some tool sets a rule some other way.

/usr/sbin/iptables is an alternatives link to one of the two; you can check
    update-alternatives --display iptables
to see which subsystem you're using by default.

Meow!
--
⢀⣴⠾⠻⢶⣦⠀ Latin: meow 4 characters, 4 columns, 4 bytes
⣾⠁⢠⠒⠀⣿⡁ Greek: μεου 4 characters, 4 columns, 8 bytes
⢿⡄⠘⠷⠚⠋⠀ Runes: ᛗᛖᛟᚹ 4 characters, 4 columns, 12 bytes
⠈⠳⣄⠀⠀⠀⠀ Chinese: 喵 1 character, 2 columns, 3 bytes <-- best!
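
Added example, not part of the original message: a small shell check for the situation described above, where rules end up in both backends and each tool shows only its own. It assumes the Debian-style iptables-legacy-save and iptables-nft-save tools; the function names and the sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out whether iptables rules live in one backend or both.

# Constructed sample dumps in iptables-save format (not from a real host).
SAMPLE_LEGACY='*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'
SAMPLE_NFT='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j DROP
COMMIT'

# count_rules: read a save-format dump on stdin, print the number of "-A"
# rule lines. Table headers, chain policy lines and COMMIT are not counted.
count_rules() {
    grep -c '^-A ' || true    # grep exits 1 on zero matches; still prints 0
}

# classify LEGACY_COUNT NFT_COUNT: name the backend(s) that hold rules.
classify() {
    if [ "$1" -gt 0 ] && [ "$2" -gt 0 ]; then echo both
    elif [ "$1" -gt 0 ]; then echo legacy
    elif [ "$2" -gt 0 ]; then echo nft
    else echo none
    fi
}

# dump BACKEND: print the live ruleset of one backend (needs root); prints
# nothing if the save tool is not installed or cannot read the ruleset.
dump() {
    command -v "iptables-$1-save" >/dev/null 2>&1 || return 0
    "iptables-$1-save" 2>/dev/null || true
}

if [ "${1:-}" = "--live" ]; then
    legacy=$(dump legacy | count_rules)
    nft=$(dump nft | count_rules)
else
    legacy=$(printf '%s\n' "$SAMPLE_LEGACY" | count_rules)
    nft=$(printf '%s\n' "$SAMPLE_NFT" | count_rules)
fi
echo "legacy=$legacy nft=$nft -> rules present in: $(classify "$legacy" "$nft")"
```

Run it as root with --live to inspect the running host; without arguments it evaluates the constructed samples. A result of "both" means some rules are invisible to whichever tool /usr/sbin/iptables currently points at.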