Linux is constantly evolving, and with it the tools that its fans use on a daily basis. However, some of the classics such as iptables , which has been replaced by nftables , are now not only outdated, but also potentially insecure or inefficient.

Yet they are still referenced in many Linux books and on numerous websites. This tempts users to continue using them.

In this article, we present the most frequently encountered “deprecated“, i.e. obsolete, Linux commands. Many users are probably still familiar with them. However, for the reasons just mentioned, they are no longer up to date because they have unclosed security gaps, incomplete functions, or there are more efficient alternatives.

Some of the old commands have already been removed from the current distributions. However, others are still included.

Software developer and system administrator Jose Vicente Nunez, for example, has compiled a list of Linux commands that should no longer be used for the Red Hat blog.

He also names alternatives which, in his opinion, offer at least the same range of functions, are nevertheless usually more powerful and are also still actively maintained.

egrep and fgrep

Nunez cites the commands egrep and fgrep as the first examples. They’re based on the grep tool, which specifically searches for text patterns in files or inputs. However, both egrep and fgrep are no longer being developed further because they have now been integrated into grep as additional parameters.

Instead of the stand-alone command egrep, which uses extended regular expressions to find the desired pattern, you can now use

grep -E

This allows you to use more complex patterns and special characters without having to mask them.

Similarly, fgrep has been replaced, which searches for fixed, i.e. unchanged text strings and thus saves time. Today, the fgrep command essentially corresponds to

grep -F

In newer distributions, both egrep and fgrep are merely symbolic links to grep.

nslookup

The nslookup command is also no longer quite up to date. It was and is still frequently used today to perform DNS (Domain Name System) queries.

For example, it can be used to find out the IP address for a domain using a forward lookup or the domain name for an IP address using a reverse lookup.

In addition, nslookup can be used to specifically query various DNS servers, check DNS entries or diagnose name resolution errors.

The decision to stop developing nslookup was cancelled in 2004. Nunez and many others still recommend using the commands

dig

and

host 

commands.

For example, dig is part of the BIND DNS tools, which are actively maintained and can therefore now do more than nslookup.

The name is one of the open source community’s favorite puns. On the one hand, the term “to dig” can be translated as “to dig up”, on the other hand it is also the abbreviation for “domain information groper”.

Dig supports DNSSEC, can perform targeted queries of all record types, delivers structured and easy-to-read output and therefore offers greater flexibility even for complex queries.

In addition, unlike dig, nslookup does not use the operating system’s local domain name system resolver library to perform queries. As a result, nslookup may return different results than dig if, for example, the resolver library takes additional “hosts” files into account or uses a local cache.

ifconfig, route and netstat

The ifconfig command is one of the best-known tools that is no longer quite up to date. If the program is used without parameters, it shows the current network configuration. However, it can also be used to configure the network adapter together with information on the server address, gateway, netmask, or IP address.

Most distributions still include ifconfig. The command should have been replaced years ago by the alternative

ip

from the iproute2 family.

At first glance, ip appears more complicated than ifconfig, as a command such as “ip addr show” is required to display the current IP address. Instead, ip provides information with a command such as

ip link show

ip provides information about the network interfaces, such as real or virtual network cards and WLAN adapters.

Further examples of the use of the ip command:

ip link set eth0 up

Activates the network interface “eth0”.

ip link set eth0 down

Deactivates the network interface “eth0” again.

ip addr show dev eth0

Shows the IP address of the network interface “eth0”.

ip link show dev eth0

Shows the details of the network interface “eth0”.

ip addr del 192.168.0.77/24 dev eth0

This command is only available with ip, for example. It deletes the specified IP address for the interface “eth0”. In addition to such tasks, ip also provides information about the routing table:

ip route show

or

ip route list

Here the ip command shows the routing table and thus also replaces the route command. The “route -n” command displays the addresses in tabular form, but only numerically and without DNS resolution. The output of “ip route show” or “ip route list”, on the other hand, is far more compact and contains additional information.

Another network command, which in this case is replaced by the command

ss 

(the abbreviation stands for “Sockets Statistics”) is netstat. The tool shows, for example, the list of active network connections. An example:

netstat --numeric --tcp --listen

The command lists the active TCP connections without name resolution. The ss equivalent is

ss --numeric --tcp --listen

The ss command is also part of the iproute2 package and replaces netstat on modern systems, as it can display more details and also starts faster.

While netstat retrieves information from the “/proc” files, ss accesses the kernel directly. In contrast to netstat, which is no longer an actively maintained nettool, ss is continuously being developed and adapted to modern operating systems and protocols.

The “ss” command without further parameters outputs a list of all network connections.

Another of the command’s strengths is that it can filter connections according to various criteria. For example, “ss -t” only lists TCP connections, while “ss -u” does the same with UDP connections. To display which processes are accessing the network, use the command “ss -p”.

iwconfig

Another network command that is now considered obsolete for good reason is iwconfig. It is similar to ifconfig, but is designed for wireless adapters. It can still be found in some distributions such as Ubuntu. However, others such as Red Hat have already removed it and replaced it with the newer

iw 

command.

This is because iwconfig does not cover many current WLAN functions and no longer reliably supports modern standards such as 802.11ac or 802.11ax.

Iw, on the other hand, is being actively developed further, provides detailed information about network cards, signal strengths, frequencies and channels, allows complex configurations, and supports all current WLAN standards as well as new functions such as mesh networks or WPA3.

scp

The scp command is another classic, but its use is no longer recommended. One of its strengths is that it is similar to the well-known cp command, which can be used to copy files and directories locally on a computer.

Scp, on the other hand, is used to transfer encrypted data over the network using SSH (Secure Shell). In addition to cp, scp also contains functions for authentication with a password or SSH key.

For example, the command

cp report.txt /home/user/backup/

copies the file “report.txt” from the current directory to a backup folder. With scp it would look like this:

scp report.txt user@server:/home/user/

Instead of just specifying a local path, scp requires a few additional details. For example, “user” is the user on the remote system, “server” is its address and “/home/user” is the path to the directory to which the “report.txt” file is to be transferred.

Another difference is that the transfer only takes place after the correct password has been entered. With both variants, it is also possible to append a file name to the path. The commands then change the original file name to the new one.

In the article “Deprecating scp“, the author Jonathan Corbet describes the most important reasons why scp is no longer being developed further.

For example, scp is based on the outdated rcp protocol, which is now classed as insecure. Another problem, according to Corbet, is the method used by scp to pass arguments. This could lead to the unintentional execution of commands, especially on systems on which access is actually restricted to simply copying data via scp.

Red Hat and Fedora have therefore decided in 2022 to no longer support the old SCP protocol by default. The scp command is still available, but now uses the more secure SFTP protocol internally by default (depending on the interpretation, the abbreviation stands for “Secure File Transfer Protocol” or “SSH File Transfer Protocol”), while the reference to the original SCP protocol has been removed.

The reason given by Dmitry Belyavskiy, Senior Software Engineer at Red Hat, is that the SCP protocol is already decades old and has numerous security risks and problems for which there are no simple solutions.

The change was programmed with the involvement of Jakub Jelen, who was active as a maintainer for the Open SSH package for several years. As a precaution, however, a kind of backdoor was built in.

There is now the new scp switch “-O”, which reactivates the old SCP protocol. However, it is likely to be removed again in one of the upcoming Red Hat releases. Its use is therefore not recommended.

It therefore makes more sense to switch to the alternatives

rsync

or

sftp 

alternatives. Both also use SSH to securely access remote machines. Both also offer more functions and, above all, are being actively developed further.

iptables

Many Linux users utilize the iptables tool for packet filtering and firewall configuration. It can be used to define rules that allow, block, or redirect packets.

However, iptables is now also considered outdated, mainly due to problems with scalability and performance.

For this reason, the Netfilter project itself, which also maintains the iptables userland tool in addition to the kernel subsystem, is developing

nftables 

because the iptables framework has become somewhat confusing.

For example, it is not exactly efficient to create rules for IPv4 with iptables and for IPv6 with ip6tables in order to then painstakingly synchronize them. This is easier with nftables.

Both commands work relatively similarly, but nftables not only uses a simpler syntax. The new tool even understands the syntax of iptables. In addition, iptables- translate is another tool that converts iptables commands into their nftables equivalent.

Conclusion: Please switch!

In the Linux world, changes tend to be rather cautious. Outdated utilities often remain in use for years, even when more modern and secure alternatives have long been available. Only after a longer period of time, sometimes only after several years, are these older tools gradually replaced by their updated counterparts.

However, this process also ensures stability and compatibility in the Linux community. Many old tools therefore deliberately remain in the distributions for compatibility reasons, but should at least be replaced by their more modern alternatives in tutorials, scripts, and new projects.