by femiagbabiaka 1135 days ago
What's the ubiquitous replacement for iptables? Last I checked every distro had a different declarative firewall rule manager.
1 comments

nftables is the new underlying kernel system, and the (unfortunately named) `nft` CLI to manage it seems to be widely available.
And re: declarative, `nft -f foo` loads rules from the file named `foo`, and some distros like Debian define an nftables service that will use this to load `/etc/nftables.conf` etc.

Or if you want to use firewalld you can configure it to use its nftables backend.
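
An added example, not part of the thread: a minimal declarative ruleset of the kind `nft -f` loads, written as it could appear in `/etc/nftables.conf`. The table name, chain layout and the SSH port are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed sample ruleset (illustrative, not taken from any distro default).

# Start from an empty state so loading the file is idempotent.
# nft applies the whole file as one transaction: either every rule
# below replaces the old ruleset, or nothing changes.
flush ruleset

table inet filter {
    chain input {
        # Default-deny for inbound traffic (IPv4 and IPv6 via the inet family).
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP and ICMPv6 are needed for path MTU discovery and
        # IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # Assumed service: SSH on 22/tcp.
        tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Running `nft -c -f /etc/nftables.conf` parses and validates the file without applying it, and `nft list ruleset` shows what is currently loaded.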