iptables - as a kernel paradigm - was effectively replaced in kernel 3.13 with nftables. [1]
We often run systems still using the older iptables variant with no real capability to interface with our newer kernel.
Thankfully there is an existing reasonable fix: iptables-nft. [2]
This tool seems to provide excellent backwards compatibility. It has some limitations around unsupported extensions, but is otherwise very reasonable.
I think we should consider an approach that can transparently replace iptables input with iptables-nft.
[1] https://tuxcare.com/blog/iptables-vs-nftables/
[2] https://www.redhat.com/en/blog/using-iptables-nft-hybrid-linux-firewall
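An added example (not part of the post above) of the two checks a transparent switch to the nft shim needs: identifying which backend the `iptables` command on a host currently uses, and spotting rules the shim cannot express before flipping it. The `update-alternatives` paths assume a Debian/Ubuntu layout.

```shell
#!/bin/sh
# Added example, not from the post: detect the active iptables backend and
# find legacy rules that do not translate to nft syntax before switching.
# Assumption: Debian/Ubuntu-style update-alternatives paths in switch_to_nft.

# Classify an "iptables -V" banner. The nft shim reports "(nf_tables)",
# the old setsockopt-based binary reports "(legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Run the classifier against the iptables binary actually on PATH.
detect_backend() {
    banner=$(iptables -V 2>/dev/null) || { echo unknown; return 1; }
    iptables_backend "$banner"
}

# Translate one legacy rule into nft syntax without applying it.
translate_rule() {
    command -v iptables-translate >/dev/null 2>&1 || { echo "iptables-translate not installed" >&2; return 2; }
    iptables-translate "$@"
}

# iptables-translate echoes rules it cannot convert as a comment of the form
# "nft # <original rule>". Filter those out of its output (read from stdin),
# so an old ruleset can be audited for unsupported extensions before the switch.
untranslated_rules() {
    awk '/^nft #/'
}

# Point the iptables and ip6tables commands at the nft shim.
switch_to_nft() {
    update-alternatives --set iptables /usr/sbin/iptables-nft &&
    update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
}

# Example run on a host with iptables installed:
#   detect_backend
#   translate_rule -A INPUT -p tcp --dport 22 -j ACCEPT | untranslated_rules
```

Lines returned by `untranslated_rules` are the rules that would be lost under the shim; an empty result means the ruleset is safe to move.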