Install Without UFW

As a bare minimum your system(s) should block all local traffic by default, then explicitly enable access to and from other local systems you require (i.e. NAS, media server, router, etc.).

All smart devices should have addresses assigned manually if possible, preferably using separate subnets. I hate smart devices, who the hell needs an internet-enabled toaster or fridge anyway?

iptables is being phased out in favor of nftables, slowly but surely.

1 Like
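
The default-deny-then-allowlist approach from the post above, written as an nftables ruleset. This is an added example, not part of the original thread; the subnet and the router, NAS and media server addresses are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example. All addresses below are constructed placeholders.
flush ruleset

define LAN    = 192.168.1.0/24   # assumed home subnet
define ROUTER = 192.168.1.1      # assumed gateway
define NAS    = 192.168.1.10     # assumed NAS
define MEDIA  = 192.168.1.11     # assumed media server

table inet filter {
    # The only local hosts this machine talks to
    set lan_allowed {
        type ipv4_addr
        elements = { $ROUTER, $NAS, $MEDIA }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state invalid drop
        ct state established,related accept

        # DHCP replies, which can arrive before an address is configured
        udp sport 67 udp dport 68 accept
        # IPv6 neighbor discovery, so the drop policy does not break IPv6
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # New inbound connections only from allow-listed local hosts
        ip saddr @lan_allowed accept
        # Everything else, including the rest of the LAN, hits policy drop
    }

    chain output {
        type filter hook output priority 0; policy accept;

        oif lo accept
        ct state established,related accept
        ip daddr @lan_allowed accept
        udp sport 68 udp dport 67 accept

        # No new connections to any other local host (smart devices etc.)
        ip daddr $LAN drop
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules.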

You can switch it out with iptables-nft though:

$ pacman -Si iptables-nft
Repository      : core
Name            : iptables-nft
Version         : 1:1.8.7-1
Description     : Linux kernel packet control tool (using nft interface)
Architecture    : x86_64
URL             : https://www.netfilter.org/projects/iptables/index.html
Licenses        : GPL2
Groups          : None
Provides        : iptables  arptables  ebtables
Depends On      : libnftnl  libpcap  libnfnetlink  libnetfilter_conntrack  bash  nftables
Optional Deps   : None
Conflicts With  : iptables  arptables  ebtables
Replaces        : None

(note the depends on nftables).

1 Like

Interesting. Didn’t know about that one. Will give it a go. Thanks.

1 Like
