If you have experience, could you please advise how to safely apply firewall rules remotely on Linux using nft?

Particularly on Debian, we used iptables-apply(8) for a long time to safely apply firewall rules remotely, to avoid locking ourselves out in case of mistakes in the rules.

As of now, the latest Debian release comes with nftables instead of iptables, and the official advice is to start using the new tool nft. I know that there is a wrapper that converts old-style iptables rules on the fly, but everywhere it is advised not to mix the old style with the new one, so we finally decided to switch all rules to the new (sort of pf) style, but we are still human and don't want to lock ourselves out of remote servers in case of a mistake in the rules.

So, in short, is there some procedure to do the same as iptables-apply but using nft?

GChuf
  • This is a cross-post: https://unix.stackexchange.com/questions/595273/safe-rule-applying-remotely-using-nft – dirdi Jul 05 '20 at 15:24
  • @dirdi the cross site post is asked by FossilDaemon, the same user who is asking this question. – Wasif Jul 09 '20 at 07:55
  • @Wasif_Hasan So it's a deliberate cross-post. [So much the worse](https://meta.stackexchange.com/q/64068/355310). – Kamil Maciorowski Jul 09 '20 at 08:33

0 Answers