On Fri, Nov 23, 2018 at 10:26:17PM +0800, Keith Williams wrote:
I'm not sure how many people have made the transition from iptables to
nftables.
Not done so yet.
I have just done so on one VPS, had a couple of minor hiccups on the way
but am very pleased with the result. Easy to do and the much more
human-readable and simplified syntax makes it easy to read and maintain. I
particularly like the way that you just write one set of rules for ipv4 and
ipv6 and that as sets are built in it avoids all the problems involved in
making a table with sets reboot safe.
The syntax is appealing. It mimics 'pf' which I found very easy to read.
nftables seemed to be a bit behind iptables, I could be wrong, if they're
at the same capability level now then I think maintaining iptables would
be less desirable. Might have been dreaming, did RH say they were
going to use nftables for the next release?
iptables has been around an awfully long time, migration will be hard
for most people, I for one reject most forms of change! :)
--
Best regards,
Ed
http://www.s5h.net/