Chapter 11. Managing Network Security of Red Hat System Administration II describes the firewall architecture concepts first, then it introduces nftables, the new filter and packet classification subsystem.
On the next page, the nftables service is masked. I am confused by this explanation.
I received answers from chat course assistance:
While https://rol.redhat.com/rol/app/courses/rh134-8.2/pages/ch11 explains nftables concepts, the following exercise, https://rol.redhat.com/rol/app/courses/rh134-8.2/pages/ch11s02, has been used to show service masking for nftables, where nftables has been masked to prevent any accidental activation of the service.
In step 6.1, curl could not reach servera on port 443.
Step 8.1 shows that the service is dead (but not masked), so we go ahead and mask it.