openSUSE News post – NFTables network packet filter (Firewall)

This openSUSE News post popped up – <https://news.opensuse.org/2021/03/11/Playing-along-with-NFTables/>.

  • It may well be that, NFTables currently, isn’t so suitable for the default installation due to, no YaST or other graphical configuration interface …
  • But, for system administrators, it looks interesting – there is a Salt module available …
  • And, it was integrated into the Linux Kernel with Kernel version 3.13 …

The nftables backend has been supported since version 0.6.0 of firewalld, which is the default firewall on openSUSE. YaST supports firewalld and firewalld has its own GUI. What additional graphical configuration interface do you miss?

Quoting your link

we exchanged the old SuSEfirewall2 based setup with a new one based on nftables

SuSEfirewall has been obsolete for years.

You’ll need to check with Lars Vogdt on that – <http://lrupp.users.sourceforge.net/> – he used to be “Rupp” but, he got married and is therefore “Vogdt” – one of my ex-colleagues did the same when he got married – changed his family name …

  • Who “Darix” is, no idea but, he/she is also a member of the openSUSE Heroes …

Whether or not, the openSUSE infrastructure is still running SUSEfirewall in some cases, can only be answered by the Heroes …

When you read about the nuts and bolts of how firewalld works, it’s my understanding that nftables is used by default… primarily for its support for hierarchical rules.

And,
the Archwiki for firewalld says so…

https://wiki.archlinux.org/index.php/Firewalld

TSU

Also backed up by these notes –

The openSUSE Heroes are using nftables without the firewalld frontend because –

we ran into some problems with NAT and Masquerading using firewalld as frontend

No, it is not.

If not, what?

iptables, what else?

Leap 15.2 – firewalld is version 0.5.5 …

In firewalld 0.6.0 and later nftables is the default backend

Tumbleweed – firewalld is version 0.9.3 – presumably with nftables as the default backend …

However, please realise that future firewalld development will focus on the nftables backend and not iptables.

This thread is about Leap 15.2. How the hell is it relevant what is in upstream or Tumbleweed or any other distribution?

Tumbleweed – firewalld is version 0.9.3 – presumably with nftables as the default backend …

“Presumably”? You mean you did not even try to look before wasting everyone’s time?
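The backend question argued over in this thread can be settled by checking rather than presuming. The following is an added example, not part of any post and not firewalld's own code: it decides the backend from the firewalld version and the `FirewallBackend` setting in `firewalld.conf`. The function names and the sample config are constructed for illustration, and the 0.6.0 default is taken from the statement quoted above; a distribution package may ship a different default.

```python
import re

# Constructed sample of a firewalld.conf, not copied from a real host.
SAMPLE_CONF = """\
# firewalld config file
DefaultZone=public
#FirewallBackend=nftables
FirewallBackend = iptables
"""

def parse_version(text):
    """Turn a version string such as '0.9.3' into (0, 9, 3)."""
    return tuple(int(part) for part in re.findall(r"\d+", text)[:3])

def configured_backend(conf_text):
    """Return the uncommented FirewallBackend value, or None if unset."""
    found = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "FirewallBackend":
            found.add(value.strip().lower())
    if len(found) > 1:
        # Conflicting settings: refuse to guess which one the daemon honours.
        raise ValueError(f"conflicting FirewallBackend values: {sorted(found)}")
    return found.pop() if found else None

def effective_backend(version, conf_text=""):
    """Return (backend, reason) for a firewalld version and config text."""
    if parse_version(version) < (0, 6, 0):
        return "iptables", "version predates the nftables backend"
    explicit = configured_backend(conf_text)
    if explicit:
        return explicit, "set explicitly in firewalld.conf"
    # Assumption: upstream default as quoted in the thread; a packager may differ.
    return "nftables", "upstream default for 0.6.0 and later"

if __name__ == "__main__":
    for ver, conf in (("0.5.5", ""), ("0.9.3", ""), ("0.9.3", SAMPLE_CONF)):
        print(ver, effective_backend(ver, conf))
```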