Summary
While many distributions still have iptables as their default firewall, over time we can expect to see that situation shift to the newer nftables architecture. It will take some years before this transition is complete, and even then the odd "surprise" will pop up, as you find hosts that you didn't have in your inventory, or devices that you didn't realize were Linux-based computers – Internet of Things (IoT) devices such as thermostats, clocks, or elevator controls come to mind. This chapter has gotten us started with both architectures.
With roughly 150 pages of man pages for nftables and 20 for iptables, that documentation is essentially a standalone book. We've only scratched the surface of the tool, but in a modern data center, defining an ingress filter on each host is the most common use you'll see for nftables. However, as you explore the security requirements in your data center, outbound and transit rules may certainly...
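As an added illustration of that most common use (this ruleset is not from the chapter), here is a per-host ingress filter in nftables syntax: default-deny on the input hook, loopback and established traffic allowed, SSH only from a management network, and a rate-limited log of everything dropped. The management subnet, the service ports, and the table and set names are placeholders to adapt to your own environment.

```nft
#!/usr/sbin/nft -f
# Added example: host ingress filter (default deny on input).
# Placeholders: 10.0.100.0/24 as the management network, ports 80/443 as the offered services.

flush ruleset

table inet host_ingress {
    # Hosts permitted to reach SSH on this machine
    set mgmt_hosts {
        type ipv4_addr
        flags interval
        elements = { 10.0.100.0/24 }
    }

    chain input {
        type filter hook input priority filter; policy drop;

        # Loopback traffic is always local
        iif "lo" accept

        # Packets claiming a loopback destination that arrive on another interface are spoofed
        iif != "lo" ip daddr 127.0.0.0/8 drop

        # Replies to connections this host opened; discard packets conntrack cannot classify
        ct state established,related accept
        ct state invalid counter drop

        # Enough ICMP/ICMPv6 for path MTU discovery and IPv6 neighbor discovery to keep working
        icmp type { echo-request, destination-unreachable, time-exceeded } accept
        icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded,
                      nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # SSH only from the management set, with new connections rate-limited
        tcp dport 22 ip saddr @mgmt_hosts ct state new limit rate 10/minute accept

        # Services this host actually offers (placeholder ports)
        tcp dport { 80, 443 } ct state new accept

        # Rate-limited log plus a counter so dropped traffic is visible in `nft list ruleset`
        limit rate 5/minute log prefix "nft-ingress-drop: " level info
        counter drop
    }
}
```

Validate the file without loading it using `nft -c -f host-ingress.nft`, then apply it with `nft -f host-ingress.nft` and watch the drop counter with `nft list ruleset`.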