Re: [bitfolk] NFTables

Author: Ed
Date:  
To: Keith Williams
CC: BitFolk Users
Subject: Re: [bitfolk] NFTables

gpg: Signature made Fri Nov 23 18:11:21 2018 UTC
gpg: using DSA key E1DCABEECE8F4588
gpg: Can't check signature: No public key
On Fri, Nov 23, 2018 at 10:26:17PM +0800, Keith Williams wrote:
> I'm not sure how many people have made the transition from iptables to
> nftables.


Not done so yet.

> I have just done so on one VPS, had a couple of minor hiccups on the way
> but am very pleased with the result. Easy to do and the much more
> human-readable and simplified syntax makes it easy to read and maintain. I
> particularly like the way that you just write one set of rules for ipv4 and
> ipv6 and that as sets are built in it avoids all the problems involved in
> making a table with sets reboot safe.


The syntax is appealing. It mimics 'pf' which I found very easy to read.
nftables seemed to be a bit behind iptables, I could be wrong, if they're
at the same capability level now then I think maintaining iptables would
be less desirable. Might have been dreaming, did RH say they were
going to use nftables for the next release?

iptables has been around an awfully long time, migration will be hard
for most people, I for one reject most forms of change! :)

--
Best regards,
Ed http://www.s5h.net/