George at Clug <c...@goproject.info> writes:
> iptables (which I like), nftables (which I ask, Why?)

For a few years now, well, almost a decade, iptables has been a hollow shell with nftables inside.

Why nftables? Because it unifies the firewall for IPv4, IPv6 and bridges, so we don't need to have separate iptables, ip6tables and ebtables. I'm very happy with that, and probably software maintainers are happy too, with less maintenance load.

I tend to think users should pick something a little higher level for firewall management and stick with it. No idea if there's a recommendation or default in Debian; the wiki entry seems rather old school.