Ubuntu To Try Again In Switching IPTables To Use Nftables Backend

Back during the Ubuntu 20.04 cycle there was an attempt to switch the iptables back-end to Nftables by default. That plan was ultimately foiled by LXD at the time running into issues and other fallout. But now t hat those issues should be addressed and Debian Buster has switched to Nftables, the move is being re-attempted next week for Ubuntu 20.10.

Distributions like Fedora already switched to Nftables in the past, Debian is now on it, and Ubuntu 20.10 should be ready for it. Nftables as a packet filtering/classification framework for filtering network traffic is very stable at this point and addresses issues with IPTables. Nftables is generally regarded as being faster than IPTables, provide better rule-set handling, API benefits, more extensible, and other advantages.

Balint Reczey of Canonical announced that next week they plan to switch IPTables to use the NFTables back-end. Now that the issues have been overcome from during their Ubuntu 20.04 attempt, it should be smooth sailing next week. The default value can be changed but most software (including LXD) should now have full support for NFtables. Details in this mailing list post.