On Wed, 17 Jul 2019, Stephan Seitz wrote:

> On Di, Jul 16, 2019 at 11:23:43 +0200, Guillem Jover wrote:
> > On Tue, 2019-07-16 at 11:07:15 +0200, Arturo Borrero Gonzalez wrote:
> > > as you may know, Debian 10 buster includes the iptables-nft utility by
> > > default, which is an iptables flavor that uses the nf_tables kernel
> > > subsystem. It is intended to help people migrate from iptables to nftables.
> > Yeah, this was a great way to migrate, thanks!
> > What is the problem with using iptables-nft compared to the new nft syntax?
>
> According to the documentation nft seems quite more complex.
> What would be the replacement for a simple single line like
> iptables -I INPUT -j DROP -s <ip> -p tcp --dport 587 ?
>
> What about other packages like fail2ban? Does it „hurt” if different
> programs are using iptables-nft or nft?
>

The thing you want to avoid is mixing nft with iptables-legacy. iptables-nft and nft should be fine.

--
Email: ja...@strandboge.com
IRC: jdstrand
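The check below is an added example, not part of the original message: it reports whether a host carries both iptables-legacy rules and an nf_tables ruleset, the mix the reply warns against. The function names, verdict strings and sample dumps are constructed for illustration; the `--live` path assumes root and the `iptables-legacy-save` and `nft` binaries.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a host mixes
# iptables-legacy rules with an nf_tables ruleset.

# Backend named in `iptables -V` output; releases before 1.8 print no
# "(...)" suffix and only have the legacy backend.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        iptables\ v*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Count lines on stdin matching a pattern; prints 0 when none match.
count() { grep -c -e "$1" || true; }

# $1: iptables-legacy-save output, $2: `nft list ruleset` output.
# Rules added through iptables-nft appear in $2, so they never count as legacy.
verdict() {
    legacy_n=$(printf '%s\n' "$1" | count '^-A ')
    nft_n=$(printf '%s\n' "$2" | count '^table ')
    if [ "$legacy_n" -gt 0 ] && [ "$nft_n" -gt 0 ]; then
        echo "MIXED legacy_rules=$legacy_n nft_tables=$nft_n"
    elif [ "$legacy_n" -gt 0 ]; then
        echo "LEGACY_ONLY legacy_rules=$legacy_n"
    elif [ "$nft_n" -gt 0 ]; then
        echo "NFT_ONLY nft_tables=$nft_n"
    else
        echo "EMPTY"
    fi
}

# Constructed sample dumps, used when no live check is requested.
SAMPLE_LEGACY='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 587 -j DROP
COMMIT'
SAMPLE_NFT='table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
	}
}'

if [ "${1:-}" = "--live" ]; then   # needs root to read both rule sets
    echo "default backend: $(backend_of "$(iptables -V)")"
    verdict "$(iptables-legacy-save 2>/dev/null)" "$(nft list ruleset)"
else
    verdict "$SAMPLE_LEGACY" "$SAMPLE_NFT"
fi
```

A `MIXED` verdict means some rules are visible only through the legacy tools and others only through `nft` or `iptables-nft`, so no single listing shows the full filtering policy.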