In ipfw there is the same fuss with layers as in firewalld with zones.
Linux kernel 3.13 was released Jan 2014 and had nf_tables. RHEL has had nf_tables as technology preview in RHEL 7 (since 7.3, Nov 2016) and as standard since RHEL 8 (May 2019).
ARC surely has had time to study the nf_tables and thus adjust their practices? (I know, there is never time.)
The ipfw, ufw, firewalld are front-ends that provide a layer of abstraction. They offer logical concepts for human user and generate machine-readable rules for the kernel. This reduces typos and syntax errors in the actual ruleset. For example, to forward a port is multiple actual rules in netfilter/nf_tables, but front-end UI lets you simply say: “I want traffic to port X to go into internal server Y”. That is no fuss, just a bit different view.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.