Differences

This shows you the differences between two versions of the page.

--- linux_router:iptables [2019-12-08 Sun wk49 12:03] – baumkp
+++ linux_router:iptables [2024-12-15 Sun wk50 10:31] (current) – [IPTables Configuration] baumkp
@@ Line 1: / Line 1: @@
+{{tag>linux router firewall IPTables}}
 =====IPTables Configuration=====
+Having delved into IPtables and NFtables about the same time, my feelings are that NFTables is generally superior in just about every way,  I can not be bothered explaining this, this is just my experience and feeling.  I would preferentially use NFTables over IPtables where I have a choice.  Unfortunately some software still uses IPtables, e.g. Docker.  So it is good to be able to be sufficiently fluent and be able to work in both at this time.
-++++IPTables Configuration|I went down the route of attempting to configure the firewall using NFtables. NFTables has some nice features that look to make it more user friendly than IPTables. That being said for those already familiar with IPTables this may not be the case. Furthermore, on larger, more complex installs NFTables looks to have some significant technical advantages over IPTables, but these benefits are probably less significant on my smaller undertaking. Unfortunately the package version supplied with Ubuntu 16.04 was released in 2015-11, and during my configuration I found some bugs. Also mss clamping is not supported in this version. I tried the Ubuntu 18.04 development version and the previous noted bugs were no longer apparent and mss clamping was supported.
+++++tl;dr;|
+I went down the route of attempting to configure the firewall using NFtables. NFTables has some nice features that look to make it more user friendly than IPTables. On larger, more complex installs NFTables looks to have some significant technical advantages over IPTables, but these benefits are probably less significant on my smaller undertaking. That being said for those already familiar with IPTables this will not be the case.
+As of year ending 2019 general support and functionality of NFTables is much improved.  That being said overall information and support for IPTables is more comprehensive.  Application packages such as Docker and Fail2ban basically still have default enbedment of IPTables with use of NFTables required greater care and effort.
+<fs smaller>Unfortunately the package version supplied with Ubuntu 16.04 was released in 2015-11, and during my configuration I found some bugs. Also mss clamping is not supported in this version. I tried the Ubuntu 18.04 development version and the previous noted bugs were no longer apparent and mss clamping was supported.</fs>
+++++
+**//I have not cross checked this IPTable version against the working NFTables version, and it is definitely out of alignment and untested.//**
-I have not cross checked this IPTable version against the working NFTables version, and it is definitely out of alignment and untested.++++
-++++Sample IPTables configuration|
 ====Sample IPTables configuration====
@@ Line 86: / Line 93: @@
 COMMIT
-</code>++++
+</code>
 ====Additional IPTables setup requirements====
-++++Additional IPTables setup requirements|
 ===Persistent IPTables on Boot and before Network Start-up:===
@@ Line 104: / Line 111: @@
   *''iptable -L'' , lists the tables, by default the filter table. To list the nat table, add ''-t nat''. For more verbose information, add ''-v''.
-++++
-  *<-  linux_router:nftables|Prev page ^ linux_router:start|Start page ^ linux_router:nftables|Next page ->
+----
+  *<-  linux_router:nftables_control|Prev page ^ linux_router:start|Start page ^ linux_router:DNS_DHCP|Next page ->