What is the best free firewall for CentOS 9

The problems might occur because RHEL does not support iptables anymore.

This can help to run "iptables" on nftable systems.

Although firewalld/nftables is good. Or eBPF/XPF is also nice.
 
The problems might occur because RHEL does not support iptables anymore.
It's nftables now by default, but I still have iptables symlinks in Alma 9.
lrwxrwxrwx. 1 root root 26 2023-09-10 06:18 iptables -> /etc/alternatives/iptables

I didn't need to use any github stuff for it. Just came with the OS.

APF/BFD is also just a shell for using iptables/nftables like CSF/LFD is.
But it's indeed a good alternative.

However, if CSF is not working, then most likely APF won't either for this reason.
 
Cool... I don't use it on 9, so I didn't know they did the alternatives. Or did CSF make it? I don't have this in my 9.3 system.

Using XPF/eBPF on my machine.
 
I don't have this in my 9.3 system.
Hmmz... I will know fairly soon, as I want to install an Alma 9 on a test PC here at home, because I'm starting to doubt now.
Maybe it was installed by DA on installing the CSF/LFD firewall, I'm not sure now anymore. :)

Edit: I just read this somewhere on the net:
The AlmaLinux 9 has iptables-nft-1.8.8-6.el9_1 and iptables-libs-1.8.8-6.el9_1.
Just not sure anymore if it's installed by default, but that I will see later.
 
Sorry to hijack the thread. I have Rocky Linux 9.3 and no nftables to be found. Is the command something else?

This is what I have for iptables:

[root@server11 ~]# whereis iptables
iptables: /usr/sbin/iptables /usr/libexec/iptables /usr/share/man/man8/iptables.8.gz
[root@server11 ~]# ls -l /usr/sbin/iptables
lrwxrwxrwx 1 root root 26 Feb 29 06:52 /usr/sbin/iptables -> /etc/alternatives/iptables
[root@server11 ~]# ls -l /etc/alternatives/iptables
lrwxrwxrwx 1 root root 25 Feb 29 06:52 /etc/alternatives/iptables -> /usr/sbin/iptables-legacy
[root@server11 ~]# ls -l /usr/sbin/iptables-legacy
lrwxrwxrwx 1 root root 20 Mar 12 2023 /usr/sbin/iptables-legacy -> xtables-legacy-multi
[root@server11 ~]# ls -l /usr/sbin/xtables-legacy-multi
-rwxr-xr-x 1 root root 92776 Mar 12 2023 /usr/sbin/xtables-legacy-multi
 
I have no clue. I have no nftables either, just a directory, no binary, but I don't remember if I uninstalled them myself or not.

However, I don't have any xtables-legacy-multi for example and also no iptables-legacy.
On Alma 9 I only have these:
Code:
lrwxrwxrwx.   1 root root   23 2023-09-10 06:18 ip6tables -> /usr/sbin/ip6tables-nft
lrwxrwxrwx.   1 root root   31 2023-09-10 06:18 ip6tables-restore -> /usr/sbin/ip6tables-nft-restore
lrwxrwxrwx.   1 root root   28 2023-09-10 06:18 ip6tables-save -> /usr/sbin/ip6tables-nft-save
lrwxrwxrwx.   1 root root   22 2023-09-10 06:18 iptables -> /usr/sbin/iptables-nft
lrwxrwxrwx.   1 root root   30 2023-09-10 06:18 iptables-restore -> /usr/sbin/iptables-nft-restore
lrwxrwxrwx.   1 root root   27 2023-09-10 06:18 iptables-save -> /usr/sbin/iptables-nft-save
so only the -nft version.

However, I do have the xtables-nft-multi, so I guess Rocky just uses another name than Alma.
 
I have Alma 9 as well. Same results. I don't have /usr/sbin/iptables-nft
 
I now switched from CentOS Stream 9 to AlmaLinux 9, but unfortunately I have not installed CSF yet because I just changed to a new ISP provider with different dynamic IP ranges which I need to ask for. I think I would use the solution configuring both deny and allow config or Richard's solution. It should work very well.
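
Added example, not part of any post in this thread: a shell sketch that automates the `ls -l` walk shown above, following the `iptables` symlink chain through `/etc/alternatives` and reporting whether it ends at `xtables-nft-multi` or `xtables-legacy-multi`. The function names (`resolve_chain`, `iptables_backend`, `make_sample`) are hypothetical, and the sample trees are constructed to mirror the listings posted in the thread.

```shell
#!/usr/bin/env bash
# Added example: follow the iptables symlink chain (done by hand with ls -l in
# the thread) and report which backend the command finally resolves to.

# resolve_chain ROOT PATH: print every hop of PATH's symlink chain, one per
# line. ROOT is prepended to each path; ROOT="" inspects the live system.
resolve_chain() {
    local root=$1 path=$2 target hops=0
    while [ -L "$root$path" ] && [ "$hops" -lt 16 ]; do   # 16 = loop guard
        printf '%s\n' "$path"
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;                        # absolute link target
            *)  path=$(dirname "$path")/$target ;;     # relative to link's dir
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$path"
}

# iptables_backend ROOT [CMD]: print nft, legacy, missing or unknown.
iptables_backend() {
    local root=$1 cmd=${2:-/usr/sbin/iptables} final
    final=$(resolve_chain "$root" "$cmd" | tail -n 1)
    [ -e "$root$final" ] || { echo missing; return 0; }
    case $(basename "$final") in
        xtables-nft-multi)    echo nft ;;
        xtables-legacy-multi) echo legacy ;;
        *)                    echo unknown ;;
    esac
}

# make_sample ROOT KIND: constructed tree shaped like the thread's listings
# (KIND is nft or legacy); the multi-call binary is an empty stand-in file.
make_sample() {
    mkdir -p "$1/usr/sbin" "$1/etc/alternatives"
    : > "$1/usr/sbin/xtables-$2-multi"
    ln -sfn "xtables-$2-multi" "$1/usr/sbin/iptables-$2"
    ln -sfn "/usr/sbin/iptables-$2" "$1/etc/alternatives/iptables"
    ln -sfn /etc/alternatives/iptables "$1/usr/sbin/iptables"
}

sample=$(mktemp -d)
make_sample "$sample/legacy" legacy
make_sample "$sample/nft" nft
echo "legacy sample: $(iptables_backend "$sample/legacy")"
echo "nft sample:    $(iptables_backend "$sample/nft")"
echo "this host:     $(iptables_backend "")"
rm -rf "$sample"
```

On a live host, `iptables -V` gives a cross-check: iptables 1.8 prints the backend in parentheses, `(nf_tables)` or `(legacy)`.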
 