On Mon, 03 Feb 2025 14:58:58 -0500 "Brian J. Murrell" <br...@interlinx.bc.ca> wrote:
> Does it have any kind of support similar to shorewall's remote-* > functionality for keeping the rulebase remotely from the enforcement > device? Having to run around logging into the devices you want to > perform enforcement on, editing rules there and deploying has scaling > (and just convenience) issues. You can generate rules on any system and copy generated next.fw to destination host and just use nft to load it. That way you unfortunately loose all dynamic firewall changes like dns resolving. It is easy to manage firewall rules with ansible or similar. I think one of the most prominent features is ability to handle all ipv6 and ipv4 rules in same config. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
