Fedora 32 Looking At Switching Firewalld From Iptables To Nftables

  • Fedora 32 Looking At Switching Firewalld From Iptables To Nftables

    Phoronix: Fedora 32 Looking At Switching Firewalld From Iptables To Nftables

    While Fedora 31 isn't even out yet, looking ahead to the Fedora 32 release next spring is a plan to switch firewalld as Fedora's default network firewall from its existing iptables back-end to the more modern nftables back-end...

    http://www.phoronix.com/scan.php?pag...walld-Nftables

  • Zucca
    replied
    Originally posted by tuxd3v View Post
    I am just asking since iptables syntax is literally very simple, at least for this "99% use cases"..
    I never fully understood iptables logic. But I really didn't use it that much since I switched to nftables quite early.


  • Weasel
    replied
    nftables syntax isn't that much more difficult for the simple stuff.


  • tuxd3v
    replied
    Originally posted by chilinux View Post
    It might be that the current user-space tools still have limitations but at least the inflexibility that puts limits on the usefulness and performance optimization is finally being moved out of the kernel in the new model.
    First of all, thanks a lot for your comment!!
    I still have some doubts that I need to sort by myself, about this new model..
    I understand that it's better to use less resources, if we can..

    But I don't really know the trade offs needed to achieve that..
    It could be that the new model is weird? I mean maybe complex, for the majority of situations, and in this case.. you end up creating something, that plays nice with 1% of the situations but in 99% of the cases, is not needed?

    I am just asking since iptables syntax is literally very simple, at least for this "99% use cases"..


  • pal666
    replied
    Originally posted by chilinux View Post
    Considering Fedora is normally the incubator to test changes for Red Hat Enterprise Linux
    no more than debian is normally the incubator to test changes for ubuntu


  • Zucca
    replied
    Oh... I do hope nftables isn't going away as some users here suggested. I've been using nftables for quite a long time. So long in fact, that I've removed the old iptables stuff from kernel.
    Yes, a Gentoo user here. Hi.


  • Spam
    replied
    Iptables is using same backend as nftables.

    # iptables --version
    iptables v1.8.3 (legacy)


  • chilinux
    replied
    Originally posted by tildearrow View Post

    Neither.

    Code:
    $ iptables --version
    iptables v1.6.0
    Will assume it's legacy though...
    I don't think version 1.6.0 had any provisions to use nf_tables so legacy seems about right.


  • tildearrow
    replied
    Originally posted by chilinux View Post

    If you run: iptables --version

    Does it then spit out a line ending with "(legacy)" or ending with "(nf_tables)"?

    If it says legacy then it is not shared. If it says nf_tables, then it is.
    Neither.

    Code:
    $ iptables --version
    iptables v1.6.0
    Will assume it's legacy though...
    Last edited by tildearrow; 09-12-2019, 12:36 AM.


  • chilinux
    replied
    Originally posted by tildearrow View Post

    I thought these were shared? (e.g. adding a rule with iptables and deleting it with nft)
    If you run: iptables --version

    Does it then spit out a line ending with "(legacy)" or ending with "(nf_tables)"?

    If it says legacy then it is not shared. If it says nf_tables, then it is.

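The back-end check discussed in the thread (the suffix on the `iptables --version` line), written out as a script. This is an added example, not part of any post above. The function names and the "legacy-assumed" label for suffix-less output such as v1.6.0 are assumptions of this example, and the "(nf_tables)" sample line is constructed.

```shell
#!/bin/sh
# Added example: decide from an `iptables --version` line which back-end the
# binary drives, so you know where to look when auditing the active rule set.

# classify_iptables_backend "<version line>"
# Prints: nf_tables | legacy | legacy-assumed | unknown
classify_iptables_backend() {
    case $1 in
        *"(nf_tables)")     echo "nf_tables" ;;
        *"(legacy)")        echo "legacy" ;;
        # No suffix at all, as with the v1.6.0 output in the thread:
        # treated as legacy here (assumption of this example).
        "iptables v"[0-9]*) echo "legacy-assumed" ;;
        *)                  echo "unknown" ;;
    esac
}

# rules_shared_with_nft "<version line>"
# Succeeds only when rules added with iptables land in the nf_tables rule set.
rules_shared_with_nft() {
    [ "$(classify_iptables_backend "$1")" = "nf_tables" ]
}

# audit_command "<version line>"
# Prints the command that will actually show the rules this binary manages.
audit_command() {
    if rules_shared_with_nft "$1"; then
        echo "nft list ruleset"
    else
        echo "iptables-save"
    fi
}

# Sample lines: the first two are quoted from the thread, the third is constructed.
for sample in "iptables v1.8.3 (legacy)" "iptables v1.6.0" "iptables v1.8.3 (nf_tables)"; do
    printf '%-30s backend=%-15s audit with: %s\n' "$sample" \
        "$(classify_iptables_backend "$sample")" "$(audit_command "$sample")"
done

# Check the installed binary as well, if there is one on this host.
if command -v iptables >/dev/null 2>&1; then
    live=$(iptables --version 2>/dev/null | head -n 1)
    printf 'this host: %s -> %s\n' "$live" "$(classify_iptables_backend "$live")"
fi
```

On a host reporting legacy, rules inserted with iptables will not appear in `nft list ruleset`, so a review that only reads the nft rule set misses them.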