I have chosen to use nftables instead of iptables on my arch installation.
For that purpose, I have executed the following steps:
# systemctl stop iptables && systemctl disable iptables
# pacman -S nftables
# mkdir /etc/nftables && then copied my nftables setup file "firewall.nft" into that folder
# nft -f /etc/nftables/firewall.nft && nft list ruleset (and checked all rules defined as expected)
# nft list ruleset > /etc/nftables.conf
# systemctl enable nftables.service && systemctl start nftables.service
At this point I am assuming my arch system's firewall is managed only by nftables.
My questions are:
Shouldn't I also remove iptables from the system?
Doesn't keeping iptables on the system create issues with the newly installed nftables?
I am aware the iptables service is disabled, but the output of "# systemctl status iptables" states it is still loaded (while also reporting it is inactive, dead), and the output of "# nftables -L" states different rules (all traffic accepted).
On other Linux distros (Debian and Debian-based distros such as Ubuntu and Mint) it was possible to completely remove/purge iptables and keep only nftables on the system.
On Arch Linux, I am guessing it is not necessary to completely remove the iptables package (also because that would break the system, as I have already tried and confirmed), but I would like to have confirmation from others' experience using nftables. Did you keep iptables on your Arch system while using nftables?
Last edited by ccm (2022-04-07 22:04:04)
Offline
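The two things the steps above leave unverified are whether the ruleset saved to /etc/nftables.conf still matches what is live, and whether the still-installed iptables is in fact managing nothing. The following POSIX sh checks are an added example (not from this thread or from the Arch packages); the ruleset and `iptables -S` listings they are fed here are constructed samples, and on a real host you would pass the real command output instead.

```shell
#!/bin/sh
# Added example: sanity checks for a host moved from iptables to nftables.
# Functions take listing text as arguments so they can be exercised offline.

# Normalise a ruleset listing (strip comments, blank lines, extra whitespace)
# so the saved /etc/nftables.conf can be compared with `nft list ruleset`.
normalize_ruleset() {
    sed -e 's/#.*$//' -e 's/[[:space:]]\{1,\}/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

# 0 when the saved ruleset text ($1) equals the live ruleset text ($2);
# 1 when a rule was added with `nft add` but never written back to the file.
ruleset_persisted() {
    saved=$(printf '%s\n' "$1" | normalize_ruleset)
    live=$(printf '%s\n' "$2" | normalize_ruleset)
    [ "$saved" = "$live" ]
}

# 0 when an `iptables -S` listing ($1) has only ACCEPT chain policies and no
# -A rules, i.e. iptables is installed but not filtering anything.
iptables_is_idle() {
    printf '%s\n' "$1" | awk '
        /^-P / && $3 != "ACCEPT" { bad = 1 }
        /^-A /                   { bad = 1 }
        END { if (bad) exit 1; exit 0 }'
}

# Constructed sample listings (not taken from any real host).
SAVED_CONF='table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept
    tcp dport 22 accept
  }
}'
LIVE_RULESET="$SAVED_CONF"
# Live ruleset that drifted: a port was opened at runtime but never saved.
DRIFTED_RULESET=$(printf '%s\n' "$SAVED_CONF" |
    sed 's/tcp dport 22 accept/tcp dport { 22, 80 } accept/')
IPT_IDLE='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'
IPT_ACTIVE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT'

# On a real host (as root), feed the real listings instead of the samples:
#   ruleset_persisted "$(cat /etc/nftables.conf)" "$(nft list ruleset)"
#   iptables_is_idle "$(iptables -S)"
```

If the second check fails after `nft -f` has been loaded, both tools are installing rules into the kernel at once, which is exactly the overlap the question is worried about.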
AFAIK iptables is part of the core installation (pacstrap) and is by default disabled/inactive/dead.
The netfilter framework is inside the kernel (as modules).
iptables and nftables are "just" userland tools for controlling them.
If you disable iptables and do a reboot, everything should be in working order.
You can remove iptables userland tools, but it's not necessary.
Offline
$ pacman -Qi iptables | grep Required
Required By : iproute2 systemd
$
Not easy to remove that ....
If desired it can be replaced by iptables-nft.
I only use nftables, but as long as iptables behaves and stays inactive (which it does so far) I don't mind (much) having it installed.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough?
Try clean chroot manager by graysky
Offline
Not easy to remove that ....
If desired it can be replaced by iptables-nft.
Uh oh - I either never tried that or forgot about this. Thanks for clarifying.
Offline