Very interesting. I guess the main advantage is dynamic filtering and scriptabilty, something that can be hard with bare iptables.
For my simple use case (home network, home vpn, remote VPS, and external VPN) I still prefer vanilla iptables. It gets the job done, I understand most of it and I feel in more in control.
Also, iptables frontends might have serious vulnerabilities of their own. Once a good friend of mine had his VPS hacked due to a ufw and docker CVE.
sommerfeld
npub16r…kz5pl
2023-08-30 20:33:04
in reply to nevent1q…5x02
Author Public Key
npub16r0tl8a39hhcrapa03559xahsjqj4s0y6t2n5gpdk64v06jtgekqdkz5plPublished at
2023-08-30 20:33:04Event JSON
{
"id": "d754cc9064a62e3222c7acba0b63ef5d1d28ad3b565fa8617b2acfc2d5d56c2a",
"pubkey": "d0debf9fb12def81f43d7c69429bb784812ac1e4d2d53a202db6aac7ea4b466c",
"created_at": 1693427584,
"kind": 1,
"tags": [
[
"e",
"91f7fefd9cb8b71b2b68295024b881f3e100cf2f4b72d84c12feccc2b8c4f944",
"",
"root"
],
[
"e",
"54b33a7775083a1f72c66d1b5fa747d6d86bf9a79e1bc253808a9835655e3838"
],
[
"e",
"a16aeb60a1b89c902207313e832fe846ef24d33bff603efc32cf7a0dea39aad1",
"",
"reply"
],
[
"p",
"d0debf9fb12def81f43d7c69429bb784812ac1e4d2d53a202db6aac7ea4b466c"
],
[
"p",
"d93cc2c89918a0e07d92b7b619b640845195ed29d67dc94f79f3551824b62fe0"
]
],
"content": "Very interesting. I guess the main advantage is dynamic filtering and scriptabilty, something that can be hard with bare iptables.\n\nFor my simple use case (home network, home vpn, remote VPS, and external VPN) I still prefer vanilla iptables. It gets the job done, I understand most of it and I feel in more in control.\n\nAlso, iptables frontends might have serious vulnerabilities of their own. Once a good friend of mine had his VPS hacked due to a ufw and docker CVE.",
"sig": "31e621b7f3f7a5041eb9ad2deac17b012854e9e0597f9f0d7194c324eb100598133e45136fada446b230b82a2e6c3fbc19a45d440df792ccc9cb12bdf9022f01"
}