[CentOS] C7, firewalld and rich rules
Simon Matter
simon.matter at invoca.ch
Thu Jan 31 17:35:01 UTC 2019
> On 1/30/19 10:05 PM, Simon Matter via CentOS wrote:
>> Did you look at Shorewall? IMHO that's what is best used in such
>> situations and it has worked for many years now.
>
>
> shorewall doesn't support nftables, which is largely the point of
> firewalld: The Linux firewall system is currently undergoing yet
> another deprecation and migration from iptables to nftables. firewalld
> should remain stable during the migration process. As far as I know,
> there are no plans to support nftables under shorewall, so new users
> will most likely throw away any investment they make in learning and
> implementing shorewall.

IIRC nftables has a compatibility mode with iptables?
Anyway, I thought the future on Linux is bpfilter, no?

Until then, I'll continue to enjoy Shorewall as I have for more than a decade now.

Regards,
Simon