In short, sell me on ufw.

I learned recently that ufw is basically replacing iptables “everywhere”, and as I’m getting old and crusty, this means that I have to learn something new when I’d much rather practice yelling at kids to get off my lawn.

To me, iptables is fine, and I like its flexibility. I’ve been using it ever since it de facto replaced ipchains, so ease of use isn’t really a factor in this equation.

So my more pointed question is: Can I just stick to iptables, or am I missing out on something that can only be done with ufw?

  • danA
    2 days ago

    These days it’s a frontend for nftables. iptables is a legacy system that’s eventually going to be removed (just like ipchains before it).

    On modern systems, iptables is a wrapper around nftables. So you’re essentially using nftables except without the ability to use any of its more powerful features.

    • wvstolzing@lemmy.ml
      18 hours ago

      I was about to say the same – and also: nftables syntax is a lot cleaner compared to iptables, and the whole configuration can be loaded from a single file just like pf, without doing the dump/reload cycle that iptables required. Unless UFW does features like defining zones which a user might need (like firewalld), then it’s not a huge improvement on bare nftables usability-wise.
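
The single-file load mentioned in the comments above, as an added example that is not part of the thread: a complete nftables ruleset that replaces whatever is loaded in one transaction, using the `inet` family and a named set, which the iptables wrapper does not expose. The open ports, the admin network (a documentation range) and the file path in the note below are assumptions.

```nftables
# Constructed example ruleset; ports and the admin network are assumptions.

# Remove the currently loaded rules. This line and everything below it
# are committed together, so there is no window with a half-loaded ruleset.
flush ruleset

table inet filter {
    # Named set of IPv4 sources allowed to reach SSH (constructed value).
    set admin_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # ICMP and ICMPv6 (the latter is needed for neighbour discovery).
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # SSH only from the admin set; web ports for IPv4 and IPv6 alike.
        ip saddr @admin_v4 tcp dport 22 accept
        tcp dport { 80, 443 } accept

        # Count the packets that fall through to the drop policy.
        counter
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Saved as, for example, `/etc/nftables.conf`, the file can be syntax-checked with `nft -c -f /etc/nftables.conf` and loaded with `nft -f /etc/nftables.conf`.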