On 4/8/26 11:01 AM, Joe wrote:
On Wed, 08 Apr 2026 14:05:18 +0200
Roy <[email protected]> wrote:
Can you suggest some good documentation to start with? As I mentioned,
there is a lot of outdated information, and it’s really difficult to
filter out what’s essential.
Any tutorial based on nftables will be fairly recent and certainly
applicable. Most of the obsolete stuff is going to be iptables and the
older frontends. Even so, there's a means of translating iptables code
to nftables, so if you find something really useful in iptables, it can
probably be ported fairly easily.
As to frontends: I haven't tried one for a long time, but they
basically simplify the compact but not greatly readable syntax of
nftables, and iptables before it. The other edge of that blade is that
they cannot do everything you can do with the raw kernel-driving code.
It's a steep learning curve if you're not previously familiar with
iptables (and still somewhat steep if you are) but it gives you more
control.
As an aside, I don't do it much now, but I used to use iptables quite a
lot as a cheap and nasty logging tool, nowhere near as versatile as
Wireshark and the others, but if you just want to see if a particular
protocol is getting in or out of somewhere, it's very quick to add a
logging rule. A little harder with nftables.
have a look at https://openwrt.org/ this has debian slanted info.
