Feature Request: Migrate from iptables to nftables (firewalld) on Linux

[43qcc2cn]

Is your feature request related to a problem? Please describe.
As far as I can tell, both the GUI and CLI use iptables to manipulate the netfilter firewall on Linux.

The packaged installers appear to disable the firewalld.service unit, presumably to prevent nftables rules conflicting with iptables rules. This results in any system / user firewalld configuration being unused as a result of the GUI / CLI installation.

Describe the solution you'd like
Update the GUI and CLI to use nftables (and firewalld if available) to make them compatible.

Additional context
As far as I know, most Linux distros have migrated from iptables to nftables. eg.:
https://wiki.debian.org/nftables
https://en.opensuse.org/openSUSE:Security_Features#Firewall
https://wiki.archlinux.org/title/Category:Firewalls
https://docs.fedoraproject.org/en-US/fedora/f32/release-notes/sysadmin/Networking/

and firewalld migrated from using the iptables backend to nftables many years ago:
https://firewalld.org/2018/07/nftables-backend

I hope this does not prove to be a too controversial request. Thanks.

[jaxu]

Apologies for the slow response. There's nothing wrong with using iptables to manipulate netfilter, since it is just a frontend to the same kernel functionality that everything else uses. Modern iptables is backed by nftables as well.

That said, you bring up a good point about firewalld here. We have no real reason to single out firewalld to disable, and it's probably not our place to do it since it may break user configuration. I will open a ticket to remove this bit in the install scripts. However, note that modifying netfilter rules with any frontend (ufw, firewalld, etc) may cause conflicts and/or leaks, and we don't recommend doing so.