It seems iptables now uses iptables-nft compatible alternatives, so ufw will wrap around nftables by using iptables syntax. "Starting with Debian Buster, nf_tables is the default backend when using iptables, by means of the iptables-nft layer (i.e, using iptables syntax with the nf_tables kernel subsystem). This also affects ip6tables, arptables and ebtables."
Still, this isn't recommended: "NOTE: Debian Buster will use the nftables framework by default." And we certainly should be using the one Debian is planning to support for Buster "don't mix nftables and iptables rulesets unless you know what you are doing." It recommends migrating rulesets in the wiki ( nftables - Debian Wiki ) Should I replace an iptables firewall with a nftables one?Yes, nftables is the replacement for iptables. Hence, we should probably be suggesting nftables instead of ufw (which uses wrapped iptables) | | | | | | | | | | | nftables - Debian Wiki | | |
