On 4/14/2020 4:13 AM, Farkas Levente wrote: > hi, > i read that there is not even a plan to support nftables. but after read > this description: > https://www.thegeekdiary.com/how-to-migrate-existing-iptables-rules-to-nftables-in-centos-rhel-8/ > my question wouldn't be easy to simply convert the result ruleset to > nftables on all nftables system? >
Not quite so easy - Shorewall runs ip[6]tables many places in the code, most notably in detecting capabilities (but also in the shell libraries). While iptables-restore-translate could be used in the generated script to translate /var/lib/shorewall[6]/.ip[6]tables-input, it's not really feasible in all of the other places where ip[6]tables is run. -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster Shoreline, \ with an international standard? Washington, USA \ A: Someone who makes you an offer you http://shorewall.org \ can't understand \________________________________________
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
