In short, sell me on ufw.
I learned recently that yfw is basically replacing iptables “everywhere”, and as I’m getting old and crusty, this means that I have to learn something new when I’d much rather practice yelling at kids to get off my lawn.
To me, iptables is fine, and I like its flexibility. I’ve been using it ever since it de facto replaced ipchains, so ease of use isn’treally a factor in this equation.
So my more pointed question is: Can I just stick to iptables, or am I missing out on something that can only be done with ufw?
The way I understand it, ufw is a frontend for iptables. So no.
These days it’s a frontend for nftables. iptables is a legacy system that’s eventually going to be removed (just like ipchains before it).
On modern systems, iptables is a wrapper around nftables. So you’re essentially using nftables except without the ability to use any of its more powerful features.
Exactly. You can build rules with ufw and view them on iptables. Maybe the one thing ufw does better out of the box is persistent rules and simpler “firewall on/off” switch, but specially on this particular question I don’t think they matter.