Future support for nftables | FWCloud Forum

Ubuntu 20.04 has moved to nftables. It provides transition scripts to ease the migration but they are only temporary.

Are there any plans to support nftables in future releases of fwcloud?

Thanks.
 

Carles Munyoz

Administrator
Staff member
Hi,
Of course, nftables support will be added very soon to FWCloud. It is in the features list that will be added to our next FWCloud release, not in the one that we will publish this week, but it will be available in the next one.

The FWCloud design allows the use of different compilers for the policy generated using the user interface. Currently we have a compiler for iptables and we can easily add compilers for other network packet filtering systems like nftables.

In fact, it is quite simple to convert the current iptables compilation to nftables, as explained here.

In the FWCloud release that we will publish this week we have added a new awesome feature that we have called hook scripts. It allows the addition of script code before and/or after any rule of the policy. If you want to use nftables instead of iptables, you could add this code after the last rule loaded in your policy load script:
Bash:
iptables-save > /tmp/iptables-save.txt
iptables-restore-translate -f /tmp/iptables-save.txt > /tmp/nftables-save.txt
nft -f /tmp/nftables-save.txt

This can be a temporary solution, but if you can wait, it would be better to use our nftables compiler that will generate a native nftables compiled script for policy load.

Best regards.
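A more defensive form of the hook-script snippet in the reply above, as an added example that is not part of the original post or of FWCloud: it uses a private temporary directory instead of fixed /tmp file names, refuses to load if any rule was left untranslated, and dry-runs the result with `nft -c` before applying it. The function name and the `IPT_SAVE`, `IPT_XLATE` and `NFT` variables are hypothetical, and it assumes untranslatable rules are emitted as comment lines beginning with `# -`.

```shell
#!/bin/sh
# Added example (not FWCloud code). Tool names are overridable through
# hypothetical variables so the logic can be exercised with stubs.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_XLATE=${IPT_XLATE:-iptables-restore-translate}
NFT=${NFT:-nft}

# Return codes: 0 ruleset loaded, 1 a tool failed, 2 untranslated rules found,
# 3 nft rejected the translated ruleset. Nothing is loaded unless every check passes.
translate_and_load() {
    # mktemp -d creates a 0700 directory with an unpredictable name, so another
    # local user cannot pre-create or swap the files the root hook reads and writes.
    _work=$(mktemp -d) || return 1
    _rc=0
    if ! "$IPT_SAVE" > "$_work/iptables-save.txt"; then
        _rc=1
    elif ! "$IPT_XLATE" -f "$_work/iptables-save.txt" > "$_work/nftables-save.txt"; then
        _rc=1
    # Assumption: a rule that could not be translated appears as a "# -..." comment.
    # Loading such a file would silently drop that rule from the policy.
    elif grep -q '^# -' "$_work/nftables-save.txt"; then
        grep '^# -' "$_work/nftables-save.txt" >&2
        _rc=2
    # -c parses and validates the file without changing the live ruleset.
    elif ! "$NFT" -c -f "$_work/nftables-save.txt"; then
        _rc=3
    elif ! "$NFT" -f "$_work/nftables-save.txt"; then
        _rc=1
    fi
    rm -rf "$_work"
    return "$_rc"
}

# In the hook script after the last rule:
#   translate_and_load || echo "nftables load skipped (code $?)" >&2
```
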