Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux_router:iptables [2019-12-08 Sun wk49 12:01] baumkplinux_router:iptables [2023-04-30 Sun wk17 17:43] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +{{tag>linux router firewall IPTables}}
 =====IPTables Configuration===== =====IPTables Configuration=====
  
-++++IPTables Configuration|I went down the route of attempting to configure the firewall using NFtables. NFTables has some nice features that look to make it more user friendly than IPTables. That being said for those already familiar with IPTables this may not be the case. Furthermore, on larger, more complex installs NFTables looks to have some significant technical advantages over IPTables, but these benefits are probably less significant on my smaller undertaking. Unfortunately the package version supplied with Ubuntu 16.04 was released in 2015-11, and during my configuration I found some bugs. Also mss clamping is not supported in this version. I tried the Ubuntu 18.04 development version and the previous noted bugs were no longer apparent and mss clamping was supported.+I went down the route of attempting to configure the firewall using NFtables. NFTables has some nice features that look to make it more user friendly than IPTables. On larger, more complex installs NFTables looks to have some significant technical advantages over IPTables, but these benefits are probably less significant on my smaller undertaking. That being said for those already familiar with IPTables this will not be the case. 
 + 
 +As of year ending 2019 general support and functionality of NFTables is much improved.  That being said overall information and support for IPTables is more comprehensive.  Application packages such as Docker and Fail2ban basically still have default enbedment of IPTables with use of NFTables required greater care and effort.  
 + 
 +<fs smaller>Unfortunately the package version supplied with Ubuntu 16.04 was released in 2015-11, and during my configuration I found some bugs. Also mss clamping is not supported in this version. I tried the Ubuntu 18.04 development version and the previous noted bugs were no longer apparent and mss clamping was supported.</fs> 
 + 
 +**//I have not cross checked this IPTable version against the working NFTables version, and it is definitely out of alignment and untested.//**
  
-I have not cross checked this IPTable version against the working NFTables version, and it is definitely out of alignment and untested.++++ 
-++++Sample IPTables configuration| 
 ====Sample IPTables configuration==== ====Sample IPTables configuration====
  
Line 86: Line 91:
  
 COMMIT COMMIT
-</code>+++++</code>
 ====Additional IPTables setup requirements==== ====Additional IPTables setup requirements====
-++++Additional IPTables setup requirements|+
 ===Persistent IPTables on Boot and before Network Start-up:=== ===Persistent IPTables on Boot and before Network Start-up:===
  
Line 104: Line 109:
  
   *''iptable -L'' , lists the tables, by default the filter table. To list the nat table, add ''-t nat''. For more verbose information, add ''-v''   *''iptable -L'' , lists the tables, by default the filter table. To list the nat table, add ''-t nat''. For more verbose information, add ''-v''
-+++++ 
 +---- 
 + 
 +  *< linux_router:nftables_control|Prev page ^ linux_router:start|Start page ^ linux_router:DNS_DHCP|Next page ->