sybrand_b wrote: The way I see it, the reason for that is that networks are complex. Dealing with network security is complex. Not because iptables itself is the problem.
Iptables is a pretty awful piece of software. Hard to understand, hard to manage, badly documented.
It might do the job ok.

Heck, most people do not even understand how to tunnel using ssh. So no big surprise that iptables seems to be black art. I'm not going to claim I understand all of iptables' capabilities and features, but I've used it as a standard firewall and a NAT firewall for some years now. And it is robust and does the job better than ok.
But its management is non-intuitive and a piece of black art.