DefinedNet / nebula-docs

Documentation for the Nebula open source project
https://nebula.defined.net/docs

Add ufw and nftables unsafe_routes instructions #117

Closed johnmaguire closed 4 months ago

johnmaguire commented 4 months ago

Thanks @ieugen for the nftables instructions.

netlify[bot] commented 4 months ago

Deploy Preview for nebula-docs-dn ready!

Latest commit: 9b83347debed63114a3c97ae292868fa18b5490b
Latest deploy log: https://app.netlify.com/sites/nebula-docs-dn/deploys/6606f9cf7d0c3d0008b1bfca
Deploy Preview: https://deploy-preview-117--nebula-docs-dn.netlify.app

ieugen commented 4 months ago

Nice to see this making it into the docs. I would mention that the Linux distros are moving to nftables. Even UFW is based on nftables after 21.xx: https://askubuntu.com/questions/1370901/ubuntu-21-10-switched-to-nftables-so-why-is-iptables-still-available

So having both ufw and nftables config on the same system does not make sense IMO. I would prioritize the nftables version over the other for the reasons above: everyone is using nftables under the hood. Thanks for improving on the config. I am quite new to nftables :).

johnmaguire commented 4 months ago

@ieugen Thanks for the feedback. I think we prefer to take an agnostic approach to which firewall users use. I agree it doesn't make sense to configure both ufw and nftables rules on the same system. However, if you're using a system like Ubuntu, ufw is still the preferred firewall of choice, to my understanding. Mostly, this comes down to which firewall your distro of choice recommends. (We're still missing firewalld instructions. :P)

I did put iptables last, so that users might notice they have ufw/nftables available, before defaulting to iptables.

ieugen commented 4 months ago

@johnmaguire: I do plan to take a look at firewalld at some point in the future. It seems it has received the feature to allow forwarding, but I did not test that: https://firewalld.org/2020/04/intra-zone-forwarding

Seems like the feature got into firewalld 0.7.4 in 2020, so it should be in most stable distros by now.

Firewalld will generate nftables configuration.
Also: https://www.eriksuniverse.com/using-firewalld-as-a-linux-router.html
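Since the thread settles on nftables as the backend shared by ufw and firewalld, here is an added nftables ruleset for the unsafe_routes forwarding case the PR documents. It is not the PR's content or the Nebula project's own configuration; the interface names `nebula1` (Nebula tun device) and `eth0` (LAN side) are assumptions, and it assumes no other chain on the host already hooks `forward`.

```nft
# Added example, not from the PR or the Nebula docs.
# Assumed interfaces: "nebula1" is the Nebula tun device, "eth0" the LAN.
# Load with:  nft -f nebula-unsafe-routes.nft
# Forwarding must also be enabled in the kernel (sysctl net.ipv4.ip_forward=1);
# a ruleset cannot set that.
table inet nebula_unsafe_routes {
    chain forward {
        # Default-deny: only what is explicitly accepted below is forwarded.
        type filter hook forward priority filter; policy drop;

        # Drop packets conntrack cannot classify (e.g. out-of-window replies).
        ct state invalid counter drop

        # Reply traffic for flows that were accepted by the rule below.
        ct state established,related counter accept

        # Overlay -> LAN: forward only traffic that arrived on the Nebula
        # interface and is headed for the LAN interface. New connections
        # initiated from the LAN toward the overlay are not opened here.
        iifname "nebula1" oifname "eth0" counter accept

        # Make the drops visible (journal / dmesg) so misrouted traffic can be
        # diagnosed instead of silently disappearing into the chain policy.
        counter log prefix "nebula-unsafe-routes drop: " drop
    }
}
```

LAN hosts still need a return route for the Nebula overlay range pointing at this host; without one, you would additionally need a NAT rule, which this example deliberately omits.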