On Wed, 2021-02-24 at 16:00 +0200, Lars Noodén via Dng wrote:
> There is an awful lot of inertia for iptables, more than there was for
> ipchains, but iptables is rather difficult to learn and use.  It has
> also been succeeded by nftables, which is where the development is
> happening.  So even though Beowulf seems to come with iptables, I would
> recommend removing iptables and installing with nft.
> 
> See:
> 
> https://wiki.nftables.org/
> 
> https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes
> 
> Furthermore, nftables keeps its configuration in a single file:
> /etc/nftables.conf which is then read on startup, once nftables is
> activated in sysvinit or openrc.  Though it is very different, I find
> that nft makes a bit more sense.  It is also supposed to be more
> efficient.  YMMV.
> 
> /Lars

If I understand correctly, the iptables CLI that we use now is just a
wrapper around nftables.

The increased functionality of nftables is intriguing. The increased
verbosity was a turnoff, but if it's necessary for increased
functionality it's understandable.

Gabe
