"Alexander V. Makartsev" <[email protected]> wrote:
> On 1/19/26 14:49, Nicolas Kovacs wrote:
> > Hi,
> >
> > I'm a long-time Linux user (two and a half decades since Slackware
> > 7.1). I've been using RHEL clones mainly for the last ten years or
> > so, on desktops as well as servers (local and Internet-facing). For
> > firewalling I simply chose the default Firewalld.
> >
> > I understand under Debian there are different possibilities to
> > handle firewalls. As far as I understand, ufw (Uncomplicated
> > firewall) seems to be the default, though Firewalld seems to be an
> > option.
> >
> > Any recommendations?
> You can use pure "iptables" and "iptables-persistent" as a third
> option. It will be more efficient to learn iptables syntax and use it
> on any distro than learning the syntax of different wrappers for
> iptables like ufw and the others.
> Develop a simple ruleset and manage it with command line utils or
> directly edit the rules files with a text editor.

As you point out below, iptables is being replaced by nftables, so
choosing now to learn iptables seems a silly idea. So it seems wiser to
use a frontend like ufw or firewalld that both support either backend.
I suppose ufw is simpler but firewalld may be more familiar to Nicolas.

> There is also a new kid around called "nft" which should replace
> iptables, but its syntax is super weird and non-intuitive for me, so
> I consider it a downgrade.
> Luckily iptables' syntax is still supported via iptables-to-nft rules
> translation with support for most of the iptables extensions, so for
> the time being iptables syntax will stay available for use.

