In short, sell me on ufw.
I learned recently that yfw is basically replacing iptables “everywhere”, and as I’m getting old and crusty, this means that I have to learn something new when I’d much rather practice yelling at kids to get off my lawn.
To me, iptables is fine, and I like its flexibility. I’ve been using it ever since it de facto replaced ipchains, so ease of use isn’treally a factor in this equation.
So my more pointed question is: Can I just stick to iptables, or am I missing out on something that can only be done with ufw?
You must log in or # to comment.
UFW is an interface to a subset of iptables.
There’s things iptables can do that UFW can’t. Nothing that UFW does, is impossible to do with iptables.
By why might one use UFW I hear you wonder? Convenience.
If you already master the art of iptables, no reason to learn UFW instead.
I thought nftables where replacing iptables?
UFW syntax is easier. And it wraps nftables now which means I don’t have to bother learning even more arcane syntax.
I think you got it wrong. Nft is replacing iptables. Ufw is only a frontend.
Actually, your uoyabled might just be a wrapper on nft.
UFW is a wrapper which just makes interfacing with iptables bearable. UFW is iptables.
If you know iptables, just stick with that. In my testing, docker containers seem to ignore ufw rules. Supposedly, iptable rules are respected but I haven’t learned iptables yet so I can’t verify.
There’s a forked ufw specifically to solve docker’s issues. (1)
But yes, docker + ufw is something to be carefull about.
Docker really doesn’t like firewalls, and doesn’t seem to play nicely with them.
iptables is a legacy system that’s going away. If you don’t learn ufw, you’ll have to learn nftables.
Edit: Not sure why I’m being downvoted for telling the truth lol
Don’t know either, other than they can’t stand the thruth for a good reason? :/ We have been using iptables for years and now we have to relearn everything?
Yeah it’s unfortunate. The nftables syntax is a lot easier though!
The same thing has happened before, around 15 years ago… Before iptables there was a system called ipchains. Migration took a while, but it was eventually done, and nobody talks about ipchains any more.
