On Tue, Jan 2, 2024 at 8:31 AM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
> firewalld defaults to nftables
Thanks for this information. Actually, with nft I do see the TCP SSH rule and the UDP rule as well:
sudo /usr/sbin/nft list ruleset
....
	chain filter_IN_external_allow {
		tcp dport 22 ct state { new, untracked } accept
		udp dport 12345 ct state { new, untracked } accept
....
nftables is a newer layer to me. I am not yet familiar with whether iptables (as it also shows the TCP/SSH rule there) is still valid in some way: some kernel module? An additional or double layer of networking and packet rules and filters and all, or is that just some fallback or fail-safe basic rule? Or how do nftables and iptables build on top of one another or exist in parallel? Not very clear to me just yet. ty
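The two checks a practitioner would run on the box described above, as an added example that is not part of the thread: first, ask the iptables binary which backend it is (iptables 1.8 and later print "(nf_tables)" or "(legacy)" in `iptables -V`, which is the assumption this script relies on), and second, parse `nft list ruleset` output to see which tables exist and which TCP/UDP ports are accepted. The script falls back to a constructed sample ruleset, modelled on the firewalld listing quoted in the message, when `nft` is not installed or not run as root; the table name `inet firewalld` and the `ip filter` table in that sample are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not code from the mailing-list thread).
# Assumption: iptables >= 1.8 reports its backend as "(nf_tables)" or "(legacy)".

# Classify an `iptables -V` line into nf_tables / legacy / unknown.
iptables_backend() {
  case "$1" in
    *"(nf_tables)"*) echo nf_tables ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo unknown ;;
  esac
}

# Read `nft list ruleset` text on stdin; print "family table" for every table.
nft_tables() {
  awk '$1 == "table" && $2 != "" && $3 != "" { print $2, $3 }'
}

# Read `nft list ruleset` text on stdin; print "proto port" for every rule
# that accepts traffic to a destination port.
nft_open_ports() {
  awk '/ dport / && / accept/ {
         for (i = 1; i <= NF; i++) if ($i == "dport") print $(i-1), $(i+1)
       }'
}

# Constructed sample ruleset (not real host output), shaped like the
# firewalld listing quoted in the thread plus an assumed iptables-nft table.
SAMPLE_RULESET='table inet firewalld {
	chain filter_IN_external_allow {
		tcp dport 22 ct state { new, untracked } accept
		udp dport 12345 ct state { new, untracked } accept
	}
}
table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy accept;
	}
}'

main() {
  if command -v iptables >/dev/null 2>&1; then
    echo "iptables backend: $(iptables_backend "$(iptables -V 2>/dev/null || true)")"
  else
    echo "iptables not installed"
  fi

  # Live ruleset needs root; otherwise show the constructed sample.
  RULESET=$(nft list ruleset 2>/dev/null || true)
  if [ -z "$RULESET" ]; then
    echo "nft ruleset unavailable; using constructed sample"
    RULESET=$SAMPLE_RULESET
  fi
  echo "tables:"
  printf '%s\n' "$RULESET" | nft_tables
  echo "accepted ports:"
  printf '%s\n' "$RULESET" | nft_open_ports
}

main
```

If the backend prints as nf_tables, rules added through the iptables command and the rules firewalld installs are both visible in `nft list ruleset`, each under its own table, so comparing the `tables:` list with the `accepted ports:` list is a quick way to see whether a port is opened by one layer or by both.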