Is there any plan to migrate to nftables and possibly with firewalld? Maybe from Turris 6.0? It is a lot easier to manage policies, zones, chains etc. That’s what I have on my Debian box.

What I like the most about firewalld is that it is just 1 cmd/click to switch the desired interface to one of the predefined zones (home, public, dmz, custom ones etc.), even on the fly without making it persistent.

Additionally, as far as I know, iptables is already deprecated.

I think that Turris OS inherits its firewall directly from OpenWrt and OpenWrt 21’s firewall3 is still using the iptables libraries directly*. Firewall4, currently being written, changes that to nftables if I recall correctly, but that still is work-in-progress.

*) As far as I can tell, all iptables binaries have spawned equally named successors that offer the iptables syntax but use nftables as backend, but that does not help firewall3, as that does not use iptables binaries to begin with.

