Trevor

iptables

Is there a successor to iptables, or is it still the predominant tool for the purpose that it serves?

Trevor "Red Hat Evangelist" Chandler
6 Replies
Tracy_Baker

I use firewalld (the daemon), with the command line configuration tool being firewall-cmd. It'll do pretty much the same things as iptables using rich rules.

The GUI configuration tool (dnf install firewall-applet) is a front-end for firewalld and it's pretty easy to use and understand.

I stopped using iptables about, oh, 10 years or so ago. They're not even loaded on my server any more.

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
Trevor

Not used in 10 years?  Looks like it's time to put iptables on the shelf!!

firewall-cmd all the way!!!   No GUI for this kid - too challenging for me

Trevor "Red Hat Evangelist" Chandler
Gopinath_Pigili

What comes after 'iptables'? Its successor, of course: "nftables"

Nftables is a new packet classification framework that aims to replace the existing iptables, ip6tables, arptables, etc. It aims to resolve a lot of limitations that exist in the venerable ip/ip6tables tools. While iptables has traditionally been a reliable tool, nftables emerges as a more efficient and future-ready solution.

To be frank..., I never used nftables. As Tracy_Baker mentioned, I work with firewalld to define rules in my work environment.

Thanks

Trevor

We'll all serve ourselves well if we follow Tracy's lead!!!

Trevor "Red Hat Evangelist" Chandler
Chetan_Tiwary_

@Trevor as far as your question is concerned - the precise PhD level answer indeed is "nftables". Refer to this blog: https://developers.redhat.com/blog/2016/10/28/what-comes-after-iptables-its-successor-of-course-nfta...

However, since we all are predominantly junior school Linux toddlers - the tool you want to learn and use is firewalld daemon with the CLI tool firewall-cmd.

https://www.redhat.com/en/blog/beginners-guide-firewalld

The following is a brief overview of the scenarios in which you should use each of the following utilities:

firewalld: Use the firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
nftables: Use the nftables utility to set up complex and performance-critical firewalls, such as for a whole network.
iptables: The iptables utility on Red Hat Enterprise Linux uses the nf_tables kernel API instead of the legacy back end. The nf_tables API provides backward compatibility so that scripts that use iptables commands still work on Red Hat Enterprise Linux.

Use any one of the above on your machine.

And yes, @Tracy_Baker is right, I stopped using iptables since RHEL 7 (way back in 2014).
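The overview above notes that iptables on RHEL is an nf_tables front end, while other hosts may still run iptables-legacy, and the two keep separate rule sets that are easy to overlook in a firewall audit. The following added example (not code from the thread or from Red Hat) parses the output of `iptables -V` to tell the back ends apart and then applies the thread's guidance on which tool should own the rules; the `recommend` and `host_check` helper names are assumptions.

```shell
#!/bin/sh
# Added example: classify the local iptables back end and say which tool
# should manage the firewall, following the thread's firewalld-first advice.

# Classify the output of `iptables -V`, e.g. "iptables v1.8.10 (nf_tables)".
# Builds before 1.8 print no tag at all; those use the legacy back end.
backend_from_version() {
  case "$1" in
    "")              echo "absent" ;;
    *"(nf_tables)"*) echo "nf_tables" ;;
    *"(legacy)"*)    echo "legacy" ;;
    *)               echo "legacy" ;;
  esac
}

# Assumed helper: given the back end and whether firewalld is active, say
# which tool should own the rules so that two tools never fight over them.
recommend() {
  backend="$1"; firewalld_active="$2"
  if [ "$firewalld_active" = yes ]; then
    echo "firewalld is active: change rules with firewall-cmd, not iptables or nft"
  elif [ "$backend" = legacy ]; then
    echo "legacy iptables: migrate to nftables (iptables-translate helps) or enable firewalld"
  elif [ "$backend" = nf_tables ]; then
    echo "iptables-nft in use: 'nft list ruleset' shows the complete rule set"
  else
    echo "no iptables binary: manage rules with nft or firewall-cmd"
  fi
}

# Assumed helper: live check on this host. Each probe degrades to a sensible
# default when the tool is missing, so it also runs on a machine with no firewall.
host_check() {
  ver=$(iptables -V 2>/dev/null || true)
  backend=$(backend_from_version "$ver")
  if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    fw=yes
  else
    fw=no
  fi
  printf 'iptables backend: %s\nfirewalld active: %s\n' "$backend" "$fw"
  recommend "$backend" "$fw"
}

# Run as `sh check.sh --run` to print the report for this host.
if [ "${1:-}" = --run ]; then host_check; fi
```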

Trevor

Someone posed this question back in 2016!  Where have I been, under a rock?
The COVID excuse that I've been using ain't gonna hold up anymore!!!

Chetan, you've hit another grand slam with your response!  However, I'm a little
confused about your comment, "we all are predominantly junior school Linux toddlers".
It's the pronoun "we" that's causing the confusion.  It suggests that you are including
yourself in this group.  Surely this is a misread on my part.  I mean, could anyone
suggest that Steph Curry, of the Golden State Warriors, plays at the level of players
in the G League?

The definitive answer, nftables, was provided by the PhD of this community - 
Chetan Tiwary!!!  Thank you for another knowledge elevating response!!!

Trevor "Red Hat Evangelist" Chandler