    Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:33:12 JST

    I'm kinda pissed that my arcane knowledge of iptables that was acquired decades ago now has to be replaced with an understanding of nftables.

    In conversation about 9 months ago from infosec.exchange permalink
    • Kev_Prime (kev_prime@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:39:18 JST
      in reply to

      @ryanc I recently spent some time learning about the history of iptables and the move to nftables. I also spent some time learning and playing with nftables enough to swap to using it directly the past few years instead of an iptables cli that converts it to nftables.

      To my knowledge iptables is still completely valid and everything is converted automatically for you.

      Is there some piece of news that I'm missing where iptables is being removed?

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:39:22 JST
      in reply to
      • CyberFrog

      @froge I wonder if that's why I have problems with DHCP v6

      In conversation about 9 months ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-Aug-2024 17:39:25 JST
      in reply to

      @ryanc@infosec.exchange I learned something cursed when researching the transition of these things, which is that the linux kernel can load both iptables and nftables rules at the same time, on the same machine, and nftables rules take precedence but fall back to iptables afterwards

      imagine trying to debug a system that you thought was using iptables but actually has a secret nftables rule inserted before iptables even sees the packet.. all the iptables rules would be totally correct, because the filtering happens earlier on 🙃

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:40:43 JST
      in reply to
      • CyberFrog

      @froge I see the benefits of it, and it can do a lot of things iptables can't, but... Arg.

      In conversation about 9 months ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-Aug-2024 17:40:45 JST
      in reply to

      @ryanc@infosec.exchange but also nftables is syntactically very similar, which helps a lot at least lol

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:41:23 JST
      in reply to
      • CyberFrog

      @froge I've been using a firewall script on my home routers that I originally wrote at least 15 years ago...

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:48:09 JST
      in reply to
      • Kev_Prime

      @Kev_Prime I've seen that iptables is deprecated. I use a lot of really esoteric functionality and have been avoiding dealing with it, but I need to replace my router now to handle the upgraded network at my house.

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:51:48 JST
      in reply to
      • CyberFrog

      @froge I use Debian on my routers.

      In conversation about 9 months ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-Aug-2024 17:51:50 JST
      in reply to

      @ryanc@infosec.exchange if the distro is new and uses nftables, like fedora or something, it might be doing strange things like that 👀

      In conversation about 9 months ago permalink
    • Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 29-Aug-2024 17:59:57 JST
      in reply to
      • CyberFrog

      @froge I'd rather just learn nftables at this point.

      In conversation about 9 months ago permalink
    • CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-Aug-2024 17:59:59 JST
      in reply to

      @ryanc@infosec.exchange I'm not sure if they've switched to nftables by default yet, they might have, maybe it's worth checking if they have any nftables rules defined or something weird

      In conversation about 9 months ago permalink
    • Kev_Prime (kev_prime@infosec.exchange)'s status on Thursday, 29-Aug-2024 18:24:17 JST
      in reply to
      • CyberFrog

      @froge @ryanc I see, that doesn't seem like such an issue to me. There are well-documented ways to convert iptables configs over to nftables configs and then just use them with the new nf_tables subsystem.

      So if you know iptables, just still write your rules there, convert it, and deploy while enjoying a faster kernel.

      In conversation about 9 months ago permalink
    • dlgeek (dlgeek@infosec.exchange)'s status on Thursday, 29-Aug-2024 22:37:51 JST
      in reply to

      @ryanc I'm still salty I had to migrate from ipchains.

      In conversation about 9 months ago permalink
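
The situation CyberFrog describes above, with rules present in both the legacy iptables backend and nftables on one machine, can be checked from two saved dumps. This is an added example, not part of the original thread; the file names and function names are assumptions, and the sample dumps are constructed.

```shell
# Added example. Create the two dumps as root on the host being checked:
#   iptables-legacy-save > legacy.txt   # legacy xtables backend
#   nft list ruleset     > nft.txt      # nf_tables (also shows iptables-nft rules)

# Legacy backend: count "-A" rule lines plus built-in chains whose policy is DROP
# (a DROP policy filters traffic even when the chain has no rules).
count_legacy_active() {
    grep -Ec '^(-A |:[A-Za-z_-]+ DROP )' "$1" || true
}

# nftables: count base chains, i.e. chains attached to a netfilter hook.
count_nft_base_chains() {
    grep -Ec '^[[:space:]]*type [a-z]+ hook [a-z]+ ' "$1" || true
}

# Print one of: mixed, legacy-only, nftables-only, empty.
classify_backends() {
    legacy=$(count_legacy_active "$1")
    nft=$(count_nft_base_chains "$2")
    if [ "$legacy" -gt 0 ] && [ "$nft" -gt 0 ]; then echo mixed
    elif [ "$legacy" -gt 0 ]; then echo legacy-only
    elif [ "$nft" -gt 0 ]; then echo nftables-only
    else echo empty
    fi
}
# Constructed sample dumps (not taken from any real host).
write_samples() {
    cat > "$1/legacy.txt" <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
    cat > "$1/nft.txt" <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
        tcp dport 8080 drop
    }
}
EOF
    : > "$1/empty.txt"
}

# Demo on the constructed samples: prints "mixed".
demo_dir=$(mktemp -d) && write_samples "$demo_dir"
classify_backends "$demo_dir/legacy.txt" "$demo_dir/nft.txt"
rm -rf "$demo_dir"
```

A result of `mixed` means both rulesets have to be read together when working out why a packet was dropped.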
