Re: [gentoo-dev] nftables

2016-09-13 Thread Ian Bloss 
luckily I have the opportunity to start a table set from scratch, and I
don't have anything too wild going on. This is more of a learning
experience, the big thing is to have ipsec with strongswan setup.

On Mon, Sep 12, 2016 at 10:13 PM Vadim A. Misbakh-Soloviov 
wrote:

> I tried to migrate my ruleset to nftables and fount that nft lacks all of
> non-
> in-kernel xtables modules (see xtables-addons package) and even some of in-
> kernel ones: https://wiki.nftables.org/wiki-nftables/index.php/
> Supported_features_compared_to_xtables
>
>

Re: [gentoo-dev] nftables

2016-09-12 Thread Vadim A. Misbakh-Soloviov 
I tried to migrate my ruleset to nftables and fount that nft lacks all of non-
in-kernel xtables modules (see xtables-addons package) and even some of in-
kernel ones: https://wiki.nftables.org/wiki-nftables/index.php/
Supported_features_compared_to_xtables

Re: [gentoo-dev] nftables

2016-09-12 Thread Luca Barbato 
On 09/09/16 02:31, Ian Bloss wrote:
> Anyone actively using nftables for their firewall over iptables?
> Considering giving it a go as the syntax looks much nicer than iptables.
> 

I'm using a bit and just works fine =)

lu

Re: [gentoo-dev] nftables

2016-09-12 Thread Matthew Thode 
On 09/08/2016 07:31 PM, Ian Bloss wrote:
> Anyone actively using nftables for their firewall over iptables?
> Considering giving it a go as the syntax looks much nicer than iptables.

Openstack uses nftables if it's available.  So kinda.

-- 
Matthew Thode (prometheanfire)



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-dev] nftables

2016-09-12 Thread Ian Bloss 
Neat, looks great so I wanted to make sure there wasn't any obvious
problems sticking out.

On Thu, Sep 8, 2016, 19:09 Nick Vinson  wrote:

> On 09/08/2016 05:31 PM, Ian Bloss wrote:
> > Anyone actively using nftables for their firewall over iptables?
> > Considering giving it a go as the syntax looks much nicer than iptables.
>
> Works well enough for me.  I haven't seen any obvious bugs with the
> newest version and no one has reported any issues either.
>
> - Nicholas Vinson
>
>

Re: [gentoo-dev] nftables

2016-09-08 Thread Nick Vinson 
On 09/08/2016 05:31 PM, Ian Bloss wrote:
> Anyone actively using nftables for their firewall over iptables?
> Considering giving it a go as the syntax looks much nicer than iptables.

Works well enough for me.  I haven't seen any obvious bugs with the
newest version and no one has reported any issues either.

- Nicholas Vinson



signature.asc
Description: OpenPGP digital signature

[gentoo-dev] nftables

2016-09-08 Thread Ian Bloss 
Anyone actively using nftables for their firewall over iptables?
Considering giving it a go as the syntax looks much nicer than iptables.