Use case of nftables + Linux combination as network firewall

Use case of nftables + Linux combination as network firewall

[Younwook Jang]

Dear netfilter users,

I'm looking that real reference case that uses nftables+Linux server
as network firewall.

Would you please share reference cases or related information ?

I think that Linux VM with well-configured nftables can be act as
network firewall especially cloud environment.

Please share your advice.

thanks, regards.

Re: Use case of nftables + Linux combination as network firewall

[Reindl Harald]

Am 22.01.21 um 14:31 schrieb Younwook Jang:
> Dear netfilter users,
> 
> I'm looking that real reference case that uses nftables+Linux server
> as network firewall.
> 
> Would you please share reference cases or related information ?
> 
> I think that Linux VM with well-configured nftables can be act as
> network firewall especially cloud environment.
> 
> Please share your advice

it's exactly the same as you do for INPUT with iptables/nftables but in 
the FORDWARD chain

on the pure network layer without inspecting content every middlebox you 
can buy does exactly the same and in many cases is just using linux + 
iptables

Re: Use case of nftables + Linux combination as network firewall

[Younwook Jang]

Hi Reindl, thank you for your advice.

I'm looking reference case of the company or organizations that is
using Linux+nftables as network firewall.

Is there any good reference...?

thanks, regards.

2021년 1월 22일 (금) 오후 11:27, Reindl Harald <h.reindl@thelounge.net>님이 작성:
>
>
>
> Am 22.01.21 um 14:31 schrieb Younwook Jang:
> > Dear netfilter users,
> >
> > I'm looking that real reference case that uses nftables+Linux server
> > as network firewall.
> >
> > Would you please share reference cases or related information ?
> >
> > I think that Linux VM with well-configured nftables can be act as
> > network firewall especially cloud environment.
> >
> > Please share your advice
>
> it's exactly the same as you do for INPUT with iptables/nftables but in
> the FORDWARD chain
>
> on the pure network layer without inspecting content every middlebox you
> can buy does exactly the same and in many cases is just using linux +
> iptables

Re: Use case of nftables + Linux combination as network firewall

[Reindl Harald]

Am 22.01.21 um 16:46 schrieb Younwook Jang:
> Hi Reindl, thank you for your advice.
> 
> I'm looking reference case of the company or organizations that is
> using Linux+nftables as network firewall.
> 
> Is there any good reference...?

sorry, i can't post the ruleset of our datacenter-firewall but at the 
end of the day iptables/iptables-nft/ipset is as trivial as for a local 
machine

if you are not firm with iptables at all you will have a heavy learning 
curve anyways and if you prefer native nft or iptables-nft has also no 
single answer

https://www.lammertbies.nl/comm/info/iptables

Google:
"iptables datacenter firewall"
"iptables forwarding firewall"

> 2021년 1월 22일 (금) 오후 11:27, Reindl Harald <h.reindl@thelounge.net>님이 작성:
>>
>>
>>
>> Am 22.01.21 um 14:31 schrieb Younwook Jang:
>>> Dear netfilter users,
>>>
>>> I'm looking that real reference case that uses nftables+Linux server
>>> as network firewall.
>>>
>>> Would you please share reference cases or related information ?
>>>
>>> I think that Linux VM with well-configured nftables can be act as
>>> network firewall especially cloud environment.
>>>
>>> Please share your advice
>>
>> it's exactly the same as you do for INPUT with iptables/nftables but in
>> the FORDWARD chain
>>
>> on the pure network layer without inspecting content every middlebox you
>> can buy does exactly the same and in many cases is just using linux +
>> iptables

RE: Use case of nftables + Linux combination as network firewall

[Eliezer Croitoru]

A few examples:
https://www.dataswitchworks.com/vRouter.asp
https://vyos.io/

I am not sure what is the question regarding nftables.
The above products and many others are using iptables which in turn can be replaced with nftables based.
The only difference between nftables and iptables is the actuall rules to add or remove rules and details into
ipset this or another.

What would expect from a Firewall else that what vyos or brocade offers?

Eliezer

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@gmail.com
Zoom: Coming soon


-----Original Message-----
From: Younwook Jang <younwook@gmail.com> 
Sent: Friday, January 22, 2021 3:32 PM
To: netfilter@vger.kernel.org
Subject: Use case of nftables + Linux combination as network firewall

Dear netfilter users,

I'm looking that real reference case that uses nftables+Linux server
as network firewall.

Would you please share reference cases or related information ?

I think that Linux VM with well-configured nftables can be act as
network firewall especially cloud environment.

Please share your advice.

thanks, regards.