[DNG] my experience upgrading to NFT
I upgraded one of my larger and more complex servers from ASCII to Beowulf. Switching to NFT was very easy after the upgrade. Just create the rules, (have flush at the beginning), remove the iptables if-pre-up hook if you made one, copy the example init script from /usr/share/doc/nftables/example, set it executable, and rc-update add nftables default. Then openrc to bring the system to the new defined default runlevel.

--
The trouble with computers is that they do what you tell them, not what you want. -- D. Cohen

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
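A pre-flight check for the steps in the message above, as an added example that is not part of the thread or of the nftables package: it confirms the ruleset file begins with `flush ruleset` (so `nft -f` replaces the running rules in one transaction instead of appending duplicates on reload) and that no if-pre-up hook still loads iptables rules. The function names, file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run before enabling the nftables service.
# Paths are passed in as arguments; nothing here changes firewall rules.

# True if the first non-blank, non-comment line is "flush ruleset", so that
# "nft -f FILE" replaces the running ruleset instead of appending to it.
ruleset_starts_with_flush() {
    first=$(sed -e 's/#.*$//' -e 's/[[:space:]]\{1,\}/ /g' -e 's/^ //' \
                -e 's/ \{0,1\};\{0,1\} \{0,1\}$//' -e '/^$/d' "$1" 2>/dev/null | head -n 1)
    [ "$first" = "flush ruleset" ]
}

# Print hook scripts in directory $1 that still mention iptables/ip6tables.
find_iptables_hooks() {
    [ -d "$1" ] || return 0
    grep -l -E 'ip6?tables' "$1"/* 2>/dev/null || true
}

# Run both checks; returns 0 only when the ruleset and hook directory are clean.
preflight() {
    status=0
    if ! ruleset_starts_with_flush "$1"; then
        echo "WARN: $1 does not start with 'flush ruleset'"; status=1
    fi
    hooks=$(find_iptables_hooks "$2")
    if [ -n "$hooks" ]; then
        echo "WARN: iptables still referenced by: $hooks"; status=1
    fi
    return "$status"
}

# Constructed sample input (not from the thread): a minimal ruleset and a
# leftover if-pre-up hook, written to a scratch directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/if-pre-up.d"
cat > "$demo_dir/nftables.conf" <<'EOF'
#!/usr/sbin/nft -f
# constructed sample ruleset
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif "lo" accept
    }
}
EOF
printf '#!/bin/sh\niptables-restore < /etc/iptables.rules\n' > "$demo_dir/if-pre-up.d/firewall"
preflight "$demo_dir/nftables.conf" "$demo_dir/if-pre-up.d" || echo "fix the warnings first"
```

On a real system the two arguments would be the ruleset file the init script loads and the ifupdown hook directory, for example /etc/nftables.conf and /etc/network/if-pre-up.d on a stock Debian-style layout (assumed here, not stated in the thread).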
Re: [DNG] my experience upgrading to NFT
On Fri, Jul 31, 2020 at 06:44:16PM -0700, Thomas Groman via Dng wrote:
> I upgraded one of my larger and more complex servers from ASCII to
> Beowulf. Switching to NFT was very easy after the upgrade. Just create

What is NFT?

-- hendrik

> the rules, (have flush at the beginning), remove the iptables
> if-pre-up hook if you made one, copy the example init script from
> /usr/share/doc/nftables/example, set it executable, and rc-update add
> nftables default. Then openrc to bring the system to the new defined
> default runlevel
Re: [DNG] my experience upgrading to NFT
On 2020-08-02 17:00, Hendrik Boom wrote:
> > I upgraded one of my larger and more complex servers from ASCII to
> > Beowulf. Switching to NFT was very easy after the upgrade. Just
> > create
>
> What is NFT?

nftables, the slowly arriving successor to iptables.

-- Ian
Re: [DNG] my experience upgrading to NFT
On Sun, Aug 02, 2020 at 03:36:46PM -0700, Ian Zimmerman wrote:
> On 2020-08-02 17:00, Hendrik Boom wrote:
> > > I upgraded one of my larger and more complex servers from ASCII to
> > > Beowulf. Switching to NFT was very easy after the upgrade. Just
> > > create
> >
> > What is NFT?
>
> nftables, the slowly arriving successor to iptables.

Thank you. So iptables is slowly being phased out and I gather it is advisable to switch to the new system.

Does iptables still work on beowulf? It's just that I'd like to be able to back out of an attempt to switch to nftables in case I need the net to ask for advice if it doesn't work.

And am I right in assuming that "nftables" does *not* stand for New-Fangled Tables? :-)

-- hendrik
Re: [DNG] my experience upgrading to NFT
On 2020-08-03 07:36, Ian Zimmerman wrote:
> On 2020-08-02 17:00, Hendrik Boom wrote:
>> What is NFT?
>
> nftables, the slowly arriving successor to iptables.
> https://wiki.debian.org/nftables

I've been using Shorewall for years. I only just now learned that:

https://sourceforge.net/p/shorewall/mailman/message/36589782/

We have 5.2.7. So I suppose someone has picked up the responsibility, though I do not know who.

I certainly hope that Shorewall will continue to be developed. I find its interface is unrivaled and could not imagine working without it.