Fedora 32 Looking At Switching Firewalld From Iptables To Nftables

tildearrow replied

11 September 2019, 10:08 PM
Originally posted by starshipeleven View Post

faster performance

I thought these were shared? (e.g. adding a rule with iptables and deleting it with nft)
Leave a comment:
tildearrow replied

11 September 2019, 03:09 PM
Originally posted by intelfx View Post

Nice.

It is long overdue for nftables to get some wider adoption.

nft add comment inet mytable {
"I will never get used to nftables..."
}
Leave a comment:
Weasel replied

11 September 2019, 11:19 AM
Originally posted by jabl View Post

Thanks for re-jogging my memory, I remember reading that article when it came out. Any news in the subsequent 1½ years since it was written, except that bpfilter was apparently merged for 4.18?

Yeah I'm curious too.
Leave a comment:
starshipeleven replied

11 September 2019, 11:05 AM
Originally posted by tuxd3v View Post

I don't get why somebody wants to change iptables or netfilter, by some crap..

faster performance
Leave a comment:
q2dg replied

11 September 2019, 11:02 AM
Originally posted by tuxd3v View Post

I don't get why somebody wants to change iptables or netfilter, by some crap..

Because nftables IS netfiler, ignorant
Likes 1
Leave a comment:
tuxd3v replied

11 September 2019, 09:24 AM
I don't get why somebody wants to change iptables or netfilter, by some crap..

Last edited by tuxd3v; 11 September 2019, 09:24 AM. Reason: typos
Leave a comment:
oibaf replied

11 September 2019, 04:39 AM
Originally posted by darkbasic View Post

What happens with docker/libvirt? They still don't use nftables and you can't mix iptables and nftables rules. How did they solve this issue in RHEL8?

You can, if you use iptables with the new -nft backend, which is the default since Debian 10 and RHEL 8.
Likes 2
Leave a comment:
darkbasic replied

11 September 2019, 04:03 AM
What happens with docker/libvirt? They still don't use nftables and you can't mix iptables and nftables rules. How did they solve this issue in RHEL8?

Last edited by darkbasic; 11 September 2019, 04:13 AM.
Likes 1
Leave a comment:
jabl replied

11 September 2019, 03:51 AM
Originally posted by starshipeleven View Post

BPF comes to firewalls [LWN.net]

https://old.lwn.net/Articles/747551/

Thanks for re-jogging my memory, I remember reading that article when it came out. Any news in the subsequent 1½ years since it was written, except that bpfilter was apparently merged for 4.18?
Likes 2
Leave a comment:
starshipeleven replied

11 September 2019, 03:38 AM
Originally posted by jabl View Post

Wasn't there some discussion on lkml some time ago that the future is eBPF and XDP, and that nftables is a failed experiment with little usage? And somebody had created some kind of iptables implementation that in fact compiled the rules to eBPF (bpfilter). But subsequently I've heard little of it, and it seems that distros are slowly starting to switch over to nftables. What gives?

BPF comes to firewalls [LWN.net]

https://old.lwn.net/Articles/747551/
Likes 2
Leave a comment:

Announcement

Fedora 32 Looking At Switching Firewalld From Iptables To Nftables

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: