{"id":2676,"date":"2015-11-03T15:08:10","date_gmt":"2015-11-03T23:08:10","guid":{"rendered":"http:\/\/upon2020.com\/blog\/?p=2676"},"modified":"2015-11-03T15:08:10","modified_gmt":"2015-11-03T23:08:10","slug":"giving-up-on-nftables","status":"publish","type":"post","link":"https:\/\/upon2020.com\/blog\/2015\/11\/giving-up-on-nftables\/","title":{"rendered":"Giving up on nftables"},"content":{"rendered":"<p>Supposedly, <a href=\"https:\/\/wiki.archlinux.org\/index.php\/Nftables\">nftables<\/a> is the successor to <a href=\"https:\/\/wiki.archlinux.org\/index.php\/Iptables\">iptables<\/a>. So when implementing a firewall for <a href=\"http:\/\/ubos.net\/\">UBOS<\/a>, the logical thing to do is to use the new thing instead of the clumsier old thing.<\/p>\n<p>But I give up. I cannot figure out how this thing works. All the how-to pages that I found essentially have the same examples, copied from the nftables distribution. They are all trivial or incomplete. I doubt that anybody who has written those how-to pages has ever run nftables in anger. The netfilter mailing list was of some help, but only some.<\/p>\n<p>And if you read this, and have nftables running on a router that does masquerading, please post your full configuration in the comments. Thank you.<\/p>\n<p>In the meantime, it&#8217;s back to iptables.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Supposedly, nftables is the successor to iptables. So when implementing a firewall for UBOS, the logical thing to do is to use the new thing instead of the clumsier old thing. But I give up. I cannot figure out how this thing works. All the how-to pages that I found essentially have the same examples,&hellip;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled":false,"footnotes":""},"categories":[403,35,66,371],"tags":[410,407,409,412,411,408],"class_list":["post-2676","post","type-post","status-publish","format-standard","hentry","category-open-source-2","category-security","category-technical","category-ubos","tag-firewall","tag-iptables","tag-linux","tag-masquerading","tag-nat","tag-nftables","kind-"],"kind":false,"_links":{"self":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/comments?post=2676"}],"version-history":[{"count":1,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2676\/revisions"}],"predecessor-version":[{"id":2677,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/posts\/2676\/revisions\/2677"}],"wp:attachment":[{"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/media?parent=2676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/categories?post=2676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/upon2020.com\/blog\/wp-json\/wp\/v2\/tags?post=2676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}