In short, sell me on ufw.
I learned recently that ufw is basically replacing iptables “everywhere”, and as I’m getting old and crusty, this means that I have to learn something new when I’d much rather practice yelling at kids to get off my lawn.
To me, iptables is fine, and I like its flexibility. I’ve been using it ever since it de facto replaced ipchains, so ease of use isn’t really a factor in this equation.
So my more pointed question is: Can I just stick to iptables, or am I missing out on something that can only be done with ufw?
I thought nftables were replacing iptables?
UFW is an interface to a subset of iptables.
There are things iptables can do that UFW can’t. Nothing that UFW does is impossible to do with iptables.
But why might one use UFW, I hear you wonder? Convenience.
If you already master the art of iptables, no reason to learn UFW instead.
If you know iptables, just stick with that. In my testing, docker containers seem to ignore ufw rules. Supposedly, iptables rules are respected but I haven’t learned iptables yet so I can’t verify.
There’s a forked ufw specifically to solve docker’s issues. (1)
But yes, docker + ufw is something to be careful about.
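The "docker ignores ufw" problem discussed in the two posts above comes down to where the rules live: ufw's allow/deny rules sit in the INPUT chain (ufw-user-input), while Docker publishes ports by adding DNAT rules to its own DOCKER chain in the nat table and ACCEPT rules in FORWARD, which ufw never sees. The check below is an added example, not code from this thread or from ufw, docker or the forked ufw mentioned above. It parses a constructed, trimmed `iptables-save` dump (embedded inline, so it runs offline), lists every port Docker has published to the host, flags whether a ufw allow rule for that port even exists, and reports whether the DOCKER-USER chain (the hook Docker reserves for admin rules) still only contains its default RETURN. On a real host you would feed it the output of `iptables-save` instead of the sample.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `iptables-save` output (not captured from a real host),
# trimmed to the chains that matter: ufw's user input chain and Docker's chains.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5432 -j DNAT --to-destination 172.17.0.3:5432
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER-USER -j RETURN
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5432 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

TABLE_RE = re.compile(r"^\*(\w+)$")
# Docker's port publishing: a DNAT rule in the nat table's DOCKER chain.
DNAT_RE = re.compile(
    r"^-A DOCKER .*?-p (\w+) .*?--dport (\d+) -j DNAT --to-destination (\S+)$"
)
# ufw's "allow <port>/<proto>" rules land in ufw-user-input as ACCEPTs.
UFW_ACCEPT_RE = re.compile(r"^-A ufw-user-input .*?-p (\w+) .*?--dport (\d+) -j ACCEPT$")


def parse_tables(save_text: str) -> Dict[str, List[str]]:
    """Split iptables-save output into {table_name: [append rules]}."""
    tables: Dict[str, List[str]] = {}
    current = None
    for line in save_text.splitlines():
        line = line.strip()
        m = TABLE_RE.match(line)
        if m:
            current = m.group(1)
            tables[current] = []
        elif line.startswith("-A ") and current is not None:
            tables[current].append(line)
    return tables


def ufw_allowed_ports(tables: Dict[str, List[str]]) -> Set[Tuple[str, int]]:
    """(proto, port) pairs that ufw explicitly allows on the INPUT path."""
    allowed: Set[Tuple[str, int]] = set()
    for rule in tables.get("filter", []):
        m = UFW_ACCEPT_RE.match(rule)
        if m:
            allowed.add((m.group(1), int(m.group(2))))
    return allowed


def docker_published_ports(tables: Dict[str, List[str]]) -> List[Tuple[str, int, str]]:
    """(proto, host_port, container_dest) for every port Docker has published."""
    published = []
    for rule in tables.get("nat", []):
        m = DNAT_RE.match(rule)
        if m:
            published.append((m.group(1), int(m.group(2)), m.group(3)))
    return published


def docker_user_chain_is_default(tables: Dict[str, List[str]]) -> bool:
    """True when DOCKER-USER carries nothing but Docker's default RETURN,
    i.e. no admin rule restricts forwarded traffic into containers."""
    rules = [r for r in tables.get("filter", []) if r.startswith("-A DOCKER-USER ")]
    return all(r.endswith("-j RETURN") for r in rules)


def find_ufw_bypass(save_text: str) -> List[dict]:
    """Every Docker-published port reaches the container via FORWARD, not INPUT,
    so it bypasses ufw regardless; report each one and whether ufw even has a
    matching allow rule (a mismatch means the admin never intended exposure)."""
    tables = parse_tables(save_text)
    allowed = ufw_allowed_ports(tables)
    findings = [
        {"proto": proto, "port": port, "container": dest,
         "ufw_allows": (proto, port) in allowed}
        for proto, port, dest in docker_published_ports(tables)
    ]
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for f in find_ufw_bypass(SAMPLE_IPTABLES_SAVE):
        flag = "" if f["ufw_allows"] else "  <- no ufw allow rule, exposed anyway"
        print(f"{f['proto']}/{f['port']} -> {f['container']}{flag}")
    if docker_user_chain_is_default(parse_tables(SAMPLE_IPTABLES_SAVE)):
        print("DOCKER-USER chain is at Docker's default: nothing restricts container ingress")
```

In the sample, port 5432 is published by Docker with no corresponding ufw rule and DOCKER-USER is untouched, which is exactly the situation the posters describe: ufw's view of the host says only 22 and 8080 are open, while the packet path through FORWARD says otherwise. The fix belongs in DOCKER-USER (or in binding containers to 127.0.0.1), not in ufw's INPUT rules.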
UFW is a wrapper which just makes interfacing with iptables bearable. UFW is iptables.
UFW syntax is easier. And it wraps nftables now which means I don’t have to bother learning even more arcane syntax.