Hi

> As you point out below, iptables is being replaced by nftables so
> choosing now to learn iptables seems a silly idea. So it seems wiser to
> use a frontend like ufw or firewalld that both support either backend.
>
> I suppose ufw is simpler but firewalld may be more familiar to Nicolas.
>
> > There is also a new kid around called "nft" which should replace
> > iptables, but its syntax is super weird and non-intuitive for me, so
> > I consider it a downgrade.
> > Luckily iptables' syntax is still supported via iptables-to-nft rules
> > translation with support for most of the iptables extensions, so for
> > the time being iptables syntax will stay available for use.

After some effort I switched to nftables. I enabled the nftables systemd service and filled /etc/nftables.conf with my conf. I have simple needs, but one thing that I like is the ability to have the same rule for IPv4 and IPv6 ports.

There are some interesting examples online:

https://wiki.archlinux.org/title/Nftables#Examples
https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_server

Thanks,
Alex
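
A minimal /etc/nftables.conf illustrating the dual-stack point in the message above. This is an added example, not Alex's configuration or part of the original thread; the open ports (22, 80, 443) and the ICMP rate limit are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed sample ruleset; ports and limits are assumptions.
flush ruleset

# The "inet" family hooks both IPv4 and IPv6, so rules that match only
# on layer-4 fields are written once and apply to both protocols.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to outbound traffic, plus ICMP errors tied to
        # existing connections (e.g. packet-too-big for PMTU discovery).
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP stays per-protocol even inside an inet table.
        icmp type echo-request limit rate 5/second accept
        # Neighbour discovery has to be allowed explicitly with a
        # default-drop policy, otherwise IPv6 connectivity stops.
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # One rule, both address families.
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Running `nft -c -f /etc/nftables.conf` parses the file without applying it, which is worth doing before restarting the service on a remote host.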

