:: Re: [DNG] nftables firewall and fai…
Top Page
Delete this message
Reply to this message
Author: wirelessduck
Date:  
To: dng
Subject: Re: [DNG] nftables firewall and fail2ban replacement.


> On 16 Jan 2022, at 19:41, onefang <onefang_devuan@???> wrote:
>
> On 2022-01-16 17:23:29, wirelessduck--- via Dng wrote:
>>
>>
>>>> On 16 Jan 2022, at 12:54, Bob Proulx via Dng <dng@???> wrote:
>>>
>>>> Any suggestions?
>>>
>>> I am not really happy with any of the programs I have looked at
>>> either.
>>>
>>> Ubuntu really pushes ufw but it feels too complicated to me. (Joking
>>> because it is supposed to be the Uncomplicated Firewall.) But I don't
>>> like that one shapes ufw in bits and pieces like crafting clay on a
>>> pottery table. I would much rather have a file with the rules (or at
>>> least most of them) in one place that then could get version
>>> controlled and copied around. ufw does maintain files behind the
>>> scenes though so perhaps one could hack at those files directly and
>>> avoid the command line interface.
>>>
>>> Bob
>>
>> Have you tried firehol? It uses configuration files to set firewall rules for both inbound and outbound connections.
>>
>> https://firehol.org/
>
> firehol doesn't support nftables. Yet, looks like they been thinking
> about it for years.


Ahh thanks. I just read the bug report and looks like it might not happen anytime soon.

https://github.com/firehol/firehol/issues/48

I looked at ferm but that appears to be similar and won’t be updated to support nftables. There was a bug filed to netfilter for some usability improvements that might be useful if switching to plain nftables configuration files.

https://bugzilla.netfilter.org/show_bug.cgi?id=1434

I also found APF which might be a good alternative frontend.

https://www.rfxn.com/projects/advanced-policy-firewall/