arcis wrote: ↑2022/02/03 13:23:40
I wish there were tables similar to pf, where a user could add a table entry to pf.conf and populate it with addresses and subnets.
I don't know pf, but that sounds like what one would end up with nftables.service.
A zone-based firewall is conceptually nice ... if user can adopt that line of thought.
The issue with FirewallD before version 0.9, the one in RHEL 8.5, was that it was in practice only for INPUT.
The 0.9 did add support for FORWARD filter "policies" that are essential in router (although EL8 as router has other issues too).
The 1.0 (RHEL 9) will finally support OUTPUT filter ...