IPtables or NFtables?

[MAGP]

I see more than a few of you are techies (IT) at work and at least a few of you have Linux experience so I am hoping I can ask a Linux related question in the Off Topic section.

Do any of you know about NFtables which is slowly replacing IPtables? I've got my head around IPtables but I want to build my own firewall (it will initially run OPNsense, yes I know its BSD) and teach myself the Linux system without using any gui. So my question to those in the know is, is NFtables better in functionality than IPtables or am I better to stick with IPtables?

I've done some reading on NFtables but all I have got from it is it is 1 table instead of 4 and the format of the rules and policies is different even though you can migrate IPtables rules and policies to NFtables.

[slewinson]

Even better, look at the Sophos UTM home product. It is an enterprise grade firewall that runs on a standard PC and comes with a free 50 user license for home use. I have implemented it on a small i5 PC and it copes really well with NBN fixed wireless 50/20 link. It has All the features you will need and a host that you will probably never use. Also includes VPNs, a HTML5 portal and free 2 factor authentication.

They are trying to get people familiar with it at home so they use it at work.

Simon

[MAGP]

Hey Simon, thanks for the info on Sophos, I'll download it and see what its like.

I'm using this as a learning experience. I spent time learning IPtables in Debian but NFtables is production ready in Debian and it is the next step in Netfilter so I was wondering if it is is time to get into NFtables. My eventual plan is to get some certifications in IT because I can't see me working fulltime as a mechanic again and I doubt I'll ever want to teach again.

[slewinson]

Yeah, I hear you. I have been in IT for nearly 37 years and sometimes think of where to go next.

I am in favor of using appliances for this type of role because the creators have vastly more knowledge and experience in closing up the knot holes. I use the Cisco ASA kit at work and the Sophos is not too shabby in comparison. Feel free to ask me any questions.

Simon

[The1]

Havnt had much to do with firewalls but I hear pfsense alot

[MAGP]

Thanks Simon, I will pick your brains for sure. A change is as good as a holiday. I'm 32 years in the auto trade (I never really gave it up) and 16 in teaching. I'm jaded with the automotive industry and also with teaching. I want to enjoy cars like I used to so they will become my hobby not my means of gainful employment.

Nigel, PFsense is good but they were bought out by Netgate and there was a split in the community over it. The people who split forked PFsense to OPNsense. OPNsense is not owned by anyone as such like PFsense is now so I lean towards OPNsense more because the need to make money isn't as great as PFsense. The BSDs are a really good option but they only work on x86 and x86-64. Packet filtering is much better than IPtables, I just don't know much about NFtables to know if it is something that could be equivalent to the BSD method. That is why my firewall will initially run OPNsense while I try to figure out NFtables. My plan was if NFtables didn't stack up as well as OPNsense I would stick with OPNsense. I'll take a look at Sophos as well now.

[The1]

Thanks for that, unfortunately I've been stuck in gov for the last 19yrs and its Microsoft so I've not done much with linux

[MAGP]

I understand, before I joined here the only reason I still use WIndows is because of working for the NSW government in teaching. I have Windows 10 dual booted on my desktop now because TAFE is Windows centric. Apart from that I've been using Linux at home on my machines since 2007.

[VK_3800]

Bottom line is if you're only doing some learning and experimenting it really doesn't matter, fundamental concepts apply for a long time while specifics are always changing.

Just pick one and try it out. Better yet, try them all. As mentioned above appliances is another option, find a router that you can flash with an open OS and have a play with that too.

[Charlescrown]

Hey MAGP what did you teach and where? I spent over 30 years teaching motor mechanics. I still work on the tools but it's slowing down due to reluctance to take on new customers. The trade is getting very hard so plan to do maybe 2 more years.