All of lore.kernel.org
 help / color / mirror / Atom feed
From: Reindl Harald <h.reindl@thelounge.net>
To: Younwook Jang <younwook@gmail.com>, netfilter@vger.kernel.org
Subject: Re: Use case of nftables + Linux combination as network firewall
Date: Fri, 22 Jan 2021 15:27:40 +0100	[thread overview]
Message-ID: <636ad821-67fe-d28c-8a55-47fbf00877bc@thelounge.net> (raw)
In-Reply-To: <CAEx-Y1-yWpUcfQKe_gkkuEhpRr2Nm59CjRp61dA5-GS8os5ihw@mail.gmail.com>



Am 22.01.21 um 14:31 schrieb Younwook Jang:
> Dear netfilter users,
> 
> I'm looking that real reference case that uses nftables+Linux server
> as network firewall.
> 
> Would you please share reference cases or related information ?
> 
> I think that Linux VM with well-configured nftables can be act as
> network firewall especially cloud environment.
> 
> Please share your advice

it's exactly the same as you do for INPUT with iptables/nftables but in 
the FORDWARD chain

on the pure network layer without inspecting content every middlebox you 
can buy does exactly the same and in many cases is just using linux + 
iptables

  reply	other threads:[~2021-01-22 14:27 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-22 13:31 Use case of nftables + Linux combination as network firewall Younwook Jang
2021-01-22 14:27 ` Reindl Harald [this message]
2021-01-22 15:46   ` Younwook Jang
2021-01-22 16:18     ` Reindl Harald
2021-01-24 10:53 ` Eliezer Croitoru

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=636ad821-67fe-d28c-8a55-47fbf00877bc@thelounge.net \
    --to=h.reindl@thelounge.net \
    --cc=netfilter@vger.kernel.org \
    --cc=younwook@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.