Switch from existing firewalld configuration to nftables

Solution 1:

I'm not familiar with nftables syntax and configuration (and currently I cannot afford learning it and manual rewrite due to time restrictions).

Keep firewalld if you are not going to learn nftables. Risking a misconfigured firewall is not worth what might be merely tens of MB of RAM savings. Hopefully, your time is valuable enough that you can justify renting a VM with slightly more resources, and be done with it. (If that's even necessary; I'm not convinced you have a performance problem.)

Firewall rules are not a one-time thing; eventually they will need updating. How are you going to ensure that 6 months from now, this write-firewalld-and-convert process will be followed?

EPEL 8's fail2ban-firewalld package is naturally firewalld based. Easy enough to switch to an nftables-based jail, but that is still a configuration you will want to test.
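As an added example (not part of the answer above), a drop-in that points fail2ban at its own nftables actions instead of the firewalld ones on EL8; it assumes fail2ban 0.10 or later (which ships the `nftables-multiport` and `nftables-allports` actions) and the stock `sshd` jail, and the file name is an assumption:

```ini
# /etc/fail2ban/jail.d/99-nftables.local  (assumed name)
# fail2ban reads jail.conf, then jail.d/*.conf, then jail.local, then jail.d/*.local,
# so a jail.d/*.local file overrides the firewalld defaults that the
# fail2ban-firewalld package drops into jail.d/ as a *.conf file.

[DEFAULT]
# Replace the firewalld-based ban actions with fail2ban's nftables actions.
# Bans then land in an nft set managed by fail2ban, independent of firewalld.
banaction = nftables-multiport
banaction_allports = nftables-allports

[sshd]
enabled = true
```

Validate the syntax with `fail2ban-client -t` before restarting, then confirm the switch took effect with `fail2ban-client get sshd actions` (it should list the nftables action) and `nft list ruleset` after the first ban (the table and set fail2ban creates should appear there).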