> I'm about to build a new firewall for a gateway box and I'm tempted by
> nftables. It's interesting for two reasons: it's the next generation
> GNU/Linux firewall, and alone it can replace iptables, ip6tables,
> arptables, and ebtables.
>
> Has anybody used nftables and have anything to report (negative or
> positive)? I saw mention of it on one of these lists just over a year
> ago which linked to a useful website. I had already found the website
> the link pointed to (via google), and it's here http://is.gd/hP4WX0 if
> anybody is interested.
Yes, I can see why it's attractive from an architecture point of view. But if the details of the IP protocols are being pulled out of the code, one must be able to understand that one has created firewall rules that cover all the attack vectors.

The other thing is, I think for something so critical anymore as a firewall, and in comparison to something with such a history as iptables, I'll be waiting for a couple of stable releases at least.

--
Paul Rogers
[email protected]
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
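As an added example (not from this thread or from either poster), here is the shape of a default-deny nftables gateway ruleset that covers both IPv4 and IPv6 in a single inet table, where iptables would have needed separate iptables and ip6tables rule sets. Interface names and the LAN prefix are assumptions; the file can be syntax-checked without loading it with `nft -c -f gateway.nft`.

```nft
#!/usr/sbin/nft -f
# Added example, not code from the thread. Interface names and the LAN
# prefix below are assumptions; adjust them for the real gateway.
# Forwarding also needs net.ipv4.ip_forward=1 and
# net.ipv6.conf.all.forwarding=1 set via sysctl.
define wan = "eth0"
define lan = "eth1"
define lan_net = 192.168.1.0/24

flush ruleset

# The inet family applies each rule to IPv4 and IPv6 alike, so one
# table replaces the paired iptables/ip6tables configuration.
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP is part of the protocol, not an optional extra: IPv6 in
        # particular breaks without neighbour discovery, so permit the
        # control types explicitly instead of letting the policy drop them.
        icmp type { echo-request, destination-unreachable, time-exceeded } limit rate 10/second accept
        icmpv6 type { echo-request, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Management and local DNS only from the LAN side.
        iifname $lan tcp dport 22 accept
        iifname $lan meta l4proto { tcp, udp } th dport 53 accept

        # Log what the default policy is about to drop, rate-limited.
        limit rate 5/minute log prefix "nft-input-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Only the LAN may initiate flows toward the WAN; nothing from the
        # WAN can open a flow inward because the policy is drop.
        iifname $lan oifname $wan accept
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

# NAT is address-family specific, so it stays in an ip table.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan ip saddr $lan_net masquerade
    }
}
```

Bridge-level filtering (the ebtables/arptables role) is a separate `bridge` family table and is not shown here.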
