0

I am going to install Xubuntu 22.04 on one of my computers and I have a question about the firewall.

As I understand, Ubuntu uses NFTables now.

I have noticed some information about Debian (which is the base for Ubuntu) using NFTables now. And the Debian wiki says:

> If you want to enable a default firewall in Debian, follow these steps...
>
> `# aptitude install nftables`
> `# systemctl enable nftables.service`

So I wonder now, should I first install and enable nftables and only after that enable (g)ufw? It seems logical, but I have also read in the ArchWiki that

> Start and enable ufw.service to make it available at boot. Note that this will not work if iptables.service is also enabled (and same for its ipv6 counterpart).

I guess that this rule can also be applied to Ubuntu and NFTables..? And on the Arch Reddit we can read:

> UFW, being a frontend wrapper, will require the nftables package to be installed and the service to be enabled/started. Simply, it will use IPTables or NFTables depending on which is configured and in use. Edit: Only UFW service need be enabled to avoid conflict

So, in short, I have the following questions:

  1. Should I install NFTables?

  2. Should I enable it as a service (and configure it)?

  3. Or is just using GUFW enough? Because it somehow automatically uses NFTables?

SteelRat
  • Please be specific with what Ubuntu product & release you're going to install. We can't really advise when we don't really know what you're going to install & what you're actually asking about. Your question is also too broad for a Q&A site (*this isn't a forum!*) so please match your question with the site rules. – guiverc Feb 02 '23 at 11:34
  • Ok, I am sorry. I am going to install Xubuntu 22.04. And the question is how to configure the firewall on it. – SteelRat Feb 02 '23 at 15:27
  • nftables compat is by default installed in the kernel, it doesn't *need* you to install `nftables` specifically. `ufw` will use nftables or iptables, whichever is installed and the underlying compatibility components for nftables get used. I wouldn't necessarily use gUFW anymore, but I know that under the hood `ufw` is still your best option if you expect an uncomplicated mechanism to handle your firewall – Thomas Ward Feb 02 '23 at 16:10
  • "ufw will use nftables or iptables, whichever is installed" You, as I understand, mean here installed in the kernel? – SteelRat Feb 02 '23 at 18:28

2 Answers

2

Use whatever you used before. If you used (g)ufw then just use that tool again. gUFW and UFW are both wrappers around nftables and iptables, and in 22.04 with nftables being the default it just uses nftables.

If you are used to using iptables, well then look into using iptables-nft which is a compat layer that uses xtables and a few other tools to use nftables with iptables command compatibility (parses iptables commands and such to use nftables commands to populate the firewall).

Use whichever tool you're comfortable with.

Thomas Ward
1

After some research and discussion I have come to the following conclusion about nftables and (g)ufw. So, if you want to use (g)ufw:

> Should I install NFTables?

No, it is not needed. But the package itself probably won't lead to conflicts.

> Should I enable it as a service (and configure)?

No, it will lead to a conflict with the (g)ufw service.

> Or just using GUFW is enough? Because it somehow automatically uses NFTables?

Yes, and yes.

SteelRat
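The checks behind these answers, as an added example that is not part of the original posts: it classifies the backend reported by `iptables -V` and flags the case where both `ufw.service` and `nftables.service` are enabled at boot. The function names, the `--live` switch and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answers.

# Classify the output of `iptables -V`, e.g. "iptables v1.8.7 (nf_tables)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;      # iptables-nft compat layer
        *"(legacy)"*)    echo legacy ;;   # classic xtables backend
        *)               echo unknown ;;  # tool missing or unexpected output
    esac
}

# Compare two `systemctl is-enabled` results.
# $1 = state of ufw.service, $2 = state of nftables.service
unit_overlap() {
    if [ "$1" = enabled ] && [ "$2" = enabled ]; then
        echo both-enabled      # the combination the answer above warns about
    elif [ "$1" = enabled ]; then
        echo ufw-only
    elif [ "$2" = enabled ]; then
        echo nftables-only
    else
        echo neither
    fi
}

# Print a two-line report from three raw strings.
report() {
    echo "iptables backend: $(iptables_backend "$1")"
    echo "boot-time units:  $(unit_overlap "$2" "$3")"
}

if [ "${1:-}" = "--live" ]; then
    # Query this host; missing tools or units simply yield empty strings.
    report "$(iptables -V 2>/dev/null || true)" \
           "$(systemctl is-enabled ufw.service 2>/dev/null || true)" \
           "$(systemctl is-enabled nftables.service 2>/dev/null || true)"
else
    # Constructed sample values resembling a stock install that uses ufw.
    report "iptables v1.8.7 (nf_tables)" enabled disabled
fi
```

If the report shows `both-enabled` on a host managed with (g)ufw, `systemctl disable --now nftables.service` leaves ufw as the only unit loading rules.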