I used shorewall on servers for ages and I'm super happy with it. Sadly it runs on iptables and has no intention of migrating to nftables.
There is firewalld, but it doesn't have an option to log dropped/rejected packets based on zones. You can just log everything, which is total nonsense as I don't need a log of all the portscans that are just like rain on your car's windshield. What I want is only dropped/rejected outgoing packets, or better said from all zones EXCEPT "public".
There seems to be no better wrapper so far. I'm kinda considering doing nftables "oldschool" by writing a wrapper in ansible. But that's pretty meh, as it makes sense to have a project maintain a firewall wrapper.
Any suggestions?
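As an added example that is not part of the original post, here is what the requested behaviour looks like written directly as an nftables ruleset: dropped or rejected egress is logged only on the interfaces that stand in for the non-public zones, while drops on the public interface stay silent. The interface names (`eth0` as public, `eth1` and `wg0` as internal), the set name `internal_ifaces`, the log prefix and the allowed ports are all assumptions for illustration, not anything from the poster's setup.

```nft
#!/usr/sbin/nft -f
# Added example, not from the original post. Interface names, set name,
# ports and log prefix are assumptions; adjust them to the host.
flush ruleset

table inet filter {
    # Interfaces that play the role of the non-public zones (assumed names).
    set internal_ifaces {
        type ifname
        elements = { "eth1", "wg0" }
    }

    chain input {
        type filter hook input priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        iifname "lo" accept
        iifname "eth0" tcp dport 22 accept
        # No log rule here: inbound drops on the public interface are noise.
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Forwarded traffic leaving via a non-public interface is logged when dropped.
        oifname @internal_ifaces limit rate 10/minute burst 20 packets \
            log prefix "nft-fwd-drop: " level info
    }

    chain output {
        type filter hook output priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        oifname "lo" accept
        # Egress that is allowed on the public interface (assumed ports).
        oifname "eth0" tcp dport { 80, 443 } accept
        oifname "eth0" udp dport 53 accept
        # Everything else is dropped by policy. Only egress on the non-public
        # interfaces is logged and rejected, rate-limited so a misbehaving
        # process cannot flood the journal.
        oifname @internal_ifaces limit rate 10/minute burst 20 packets \
            log prefix "nft-egress-drop: " level info
        oifname @internal_ifaces reject with icmpx type admin-prohibited
    }
}
```

Load it with `nft -f <file>` (check syntax first with `nft -c -f <file>`); the `log` statements land in the kernel log, so `journalctl -k -g nft-egress-drop` shows only the non-public drops the post asks for. Mapping interfaces to zones through a named set keeps the "which zones get logged" decision in one place, which is the part firewalld's zone model does not expose.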