With the iptables-nft packet, you'll use nftables backend, not the iptables one.
Look up the difference featurewise between the two, you'll be convicted. Your legacy script, software can still talk iptables to your system, but it's the nftables that answer. If you switch to nftables compatible software, you'll also get new features, only available through nftables. Le jeu. 17 oct. 2024 à 11:31, David C. Rankin <drankina...@gmail.com> a écrit : > On 10/17/24 3:35 AM, gerard.bi...@gmail.com wrote: > > nftables is able to respond to iptables commands through the > compatibility layer. > > > > iptables-nft is the packet for you. > > > > Thank you, > > I'm glad that's there, but then I have to ask myself, why would I want > to > run iptables via nftables through a compatibility layer when I can just > run > iptables itself? > > The other issue I see there is if a bug or issue pops up. Then is it > due to > iptables or the nft compatibility layer? > > Either way, I'm glad to know I can still use the tailored setup > regardless > of the default. But I do see a downside troubleshooting if a compatibility > layer is involved. > > So long as both are packages are offered, it doesn't really matter. You > can > install or remove either to your liking. I've been meaning to try the > nftables > setup, but haven't had a day or so to set aside to go through everything. > > I've got no complaints about the defaults Arch chooses. They always > work > out okay. > > -- > David C. Rankin, J.D.,P.E. >
