If you have experience, could you please advise how to safely apply firewall rules remotely on Linux using nft?

Particularly on Debian, we used iptables-apply(8) for a long time to safely apply firewall rules remotely, to avoid locking ourselves out in case of some mistake in the rules. As of now, the latest Debian release comes with nftables instead of iptables, and the official advice is to start using the new tool, nft.

I know that there is a wrapper that converts old-style iptables rules on the fly, but everywhere it is advised not to mix the old style with the new one, so we finally decided to switch all rules to the new (pf-like) style. But we are still humans and don't want to lock ourselves out of remote servers in case of a mistake in the rules. So, shortly: is there some procedure to do the same as iptables-apply but using nft?

For some reason, Google and Bing keep it a secret, so I would appreciate it upfront if someone could show the road to the truth.

P.S. I asked the same question half a month ago on Super User but no one found any solution, so I'm sorry for cross-posting, but I think half a month of waiting on one resource is enough time to ask it here...
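An added example, not from the question or from any Debian or nftables tool, of an iptables-apply(8)-style wrapper for nft: it snapshots the live ruleset, syntax-checks and loads the new file, waits for a confirmation keystroke, and restores the snapshot when the confirmation does not arrive (timeout or dropped session). The helper names (`apply_with_rollback`, `save_ruleset`, `restore_ruleset`), the `NFT` and `BACKUP` variables and the default backup path are assumptions; the new rules file is expected to begin with `flush ruleset` so that the load replaces the current rules rather than appending to them.

```shell
#!/bin/bash
# iptables-apply(8)-style safe loader for nftables (assumed approach, hypothetical
# helper names). Set NFT to override the binary, e.g. NFT="sudo nft".
NFT=${NFT:-nft}

backup_file() { printf '%s\n' "${BACKUP:-/run/nft-apply.backup}"; }

# Snapshot the live ruleset. 'flush ruleset' is prepended so that restoring it
# with 'nft -f' replaces the current rules instead of appending duplicates.
save_ruleset() {
    { printf 'flush ruleset\n'; $NFT list ruleset; } > "$(backup_file)"
}

restore_ruleset() { $NFT -f "$(backup_file)"; }

# apply_with_rollback FILE [TIMEOUT]
# Exit codes: 0 new rules confirmed and kept, 1 rules rolled back,
#             2 syntax check or snapshot failed (nothing was changed).
apply_with_rollback() {
    local file=$1 timeout=${2:-30} answer
    $NFT -c -f "$file" || return 2      # parse-only dry run of the new file
    save_ruleset || return 2
    # 'nft -f' loads atomically, so a failed load leaves the old rules in place;
    # restoring anyway keeps the exit status honest.
    $NFT -f "$file" || { restore_ruleset; return 1; }
    printf 'Rules loaded. Type y within %ss to keep them: ' "$timeout"
    # If the new rules cut our own session, nobody types 'y': read times out
    # (or hits EOF on a closed stdin) and the previous ruleset is restored.
    if read -r -t "$timeout" answer && [ "$answer" = y ]; then
        printf '\nKept new ruleset.\n'
        return 0
    fi
    printf '\nNo confirmation, restoring previous ruleset.\n'
    restore_ruleset
    return 1
}

if [ $# -gt 0 ]; then
    apply_with_rollback "$@"
fi
```

Run it as `./nft-apply.sh /etc/nftables.conf 30` from the remote session; if the session freezes, the old rules come back after the timeout.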