Configuring iptables
At the time of writing (2021), we're in flux on firewall architectures. iptables is still the default host firewall on many distributions, including our example Ubuntu distribution. However, the industry has started moving toward a newer architecture, nftables (Netfilter). Red Hat and CentOS v8 (on the Linux kernel 4.18), for instance, have nftables as their default firewall. Just for context, when iptables was introduced in kernel version 3.13 (around 2014), it in turn replaced the ipchains package (which was introduced in kernel version 2.2, in 1999). The main reasons for moving to the new commands are to move toward a more consistent command set, provide better support of IPv6, and deliver better programmatic support for configuration operations using APIs.
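To make the "consistent command set" and "better IPv6 support" points concrete, here is an added example (not from the book, and not a distribution's own script) that writes the same stateful host-firewall baseline twice: once with iptables plus ip6tables, where every rule has to be issued per address family, and once as a single nftables ruleset in the inet family, which covers IPv4 and IPv6 together. The SSH_PORT default of 22, the DRY_RUN switch and the function names are this example's own assumptions; with DRY_RUN=1 (the default) it only prints what it would do, and DRY_RUN=0 applies the rules, which needs root and the respective tools installed.

```shell
#!/bin/sh
# Added example: one host-firewall baseline, expressed with iptables/ip6tables
# and with nftables. SSH_PORT and DRY_RUN are assumptions made for this demo.
set -eu

SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# legacy_baseline: the policy has to be written once per address family,
# with the tool name and the ICMP protocol name differing between the two.
# The DROP policy is set last so a live host is never locked out mid-change.
legacy_baseline() {
    for tool in iptables ip6tables; do
        case "$tool" in
            iptables)  icmp=icmp ;;
            ip6tables) icmp=ipv6-icmp ;;   # neighbour discovery needs this
        esac
        run "$tool" -F INPUT
        run "$tool" -A INPUT -i lo -j ACCEPT
        run "$tool" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        run "$tool" -A INPUT -p "$icmp" -j ACCEPT
        run "$tool" -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
        run "$tool" -P INPUT DROP
    done
}

# nft_ruleset: the same policy as one inet-family ruleset (IPv4 + IPv6).
# Note that "flush ruleset" clears every existing nft table on the host.
nft_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport $SSH_PORT ct state new accept
    }
}
EOF
}

# nft_baseline: print the ruleset in dry-run mode, load it atomically otherwise
nft_baseline() {
    if [ "$DRY_RUN" = 1 ]; then
        nft_ruleset
    else
        nft_ruleset | nft -f -
    fi
}

main() {
    echo "# iptables/ip6tables: two rule sets, one per address family"
    legacy_baseline
    echo "# nftables: one inet ruleset for both families"
    nft_baseline
}

main
```

Run it as-is to see both forms side by side; the legacy form issues twelve commands for what the nft form states once, and the nft ruleset is loaded atomically by `nft -f`, so a typo in the file leaves the previous ruleset in place instead of a half-applied one.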
While there are definitely some advantages to the nftables architecture (which we'll cover in this chapter), there are decades of inertia in the current iptables approach. Entire automation frameworks...