Comparing firewall syntax for SSH (port 22) with default-deny:
================================================
#iptables (Linux)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
#nftables (Linux)
nft add rule inet my_filter input tcp dport 22 accept
nft add rule inet my_filter input drop
#ufw (Linux - simplified frontend to iptables)
ufw allow 22/tcp
ufw default deny incoming
#pf (OpenBSD)
pass in proto tcp to port 22
block all
pf’s syntax feels so elegant, human-readable, & minimal!
After 20years scripting iptables, I’m ready to try UFW on my laptop.
#firewall #sysadmin #pf #iptables #ufw #nftables