Richard Melville wrote:
I'm about to build a new firewall for a gateway box and I'm tempted by
nftables. It's interesting for two reasons: it's the next generation
GNU/Linux firewall, and alone it can replace iptables, ip6tables,
arptables, and ebtables.
Has anybody used nftables and have anything to report (negative or
positive)? I saw mention of it on one of these lists just over a year ago
which linked to a useful website. I had already found the website the link
pointed to (via Google), and it's here http://is.gd/hP4WX0 if anybody is
interested.
I started to look at nftables. My initial reaction was that I didn't like the
interface. Perhaps it's just a style issue, but I prefer using the option
format. That is something like:
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
That seems to emphasize the options and arguments better than
nft add rule ip filter output ip daddr 192.168.1.0/24 counter
It seems that nft wants to copy the Cisco IOS syntax (it's been a while, so I'm
not sure), but it just doesn't 'feel' comfortable to me.
-- Bruce
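For readers weighing the two styles, here is the same stateful policy written out as an nft ruleset file, an added example and not something either poster supplied. It contains the nft equivalent of the iptables conntrack rule quoted above and the `ip daddr 192.168.1.0/24 counter` rule, in the context of a minimal gateway policy. The interface names lan0 and wan0, the 192.168.1.0/24 subnet and the choice of a single inet table are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: a minimal stateful gateway ruleset in native nft syntax.
# Interface names (lan0, wan0) and the LAN subnet are assumed values.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Equivalent of:
        #   iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        # One inet table covers IPv4 and IPv6, replacing both iptables and ip6tables.
        ct state established,related accept
        ct state invalid drop

        iifname "lo" accept

        # Rate-limited ping; IPv6 needs neighbour discovery to function at all.
        icmp type echo-request limit rate 5/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Administrative access only from the assumed LAN side.
        iifname "lan0" tcp dport ssh counter accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN hosts may initiate connections toward the WAN, not the reverse.
        iifname "lan0" oifname "wan0" accept
    }

    chain output {
        type filter hook output priority 0; policy accept;

        # The rule quoted in the reply: count traffic to the LAN subnet
        # without affecting the verdict (counter has no terminating action).
        ip daddr 192.168.1.0/24 counter
    }
}
```

`nft -c -f ruleset.nft` parses the file without loading it, which is the cheapest way to catch syntax errors in the unfamiliar grammar before touching a live gateway; `nft -f ruleset.nft` then loads it atomically, and `nft list ruleset` shows what the kernel actually holds, including the packet and byte counts kept by each `counter` statement.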
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html