Anyone Familiar With NFTables?

Never heard of it. Just had a quick read, it'd be nice to have a one tool fits all system but apart from that it doesn't excite me. iptables will be around for a long while, I won't worry about this until I have to.

I spent 10 minutes staring at it when a friend linked me to it a while back, and 10 more minutes staring at when you linked to it here. Beyond that, I've not used it in any way. It does look really neat, and is even more powerful than the current set of iptables/ip6tables/ebtables/arptables (which is pretty hard to do), but as with most things that give you more power to do what you want, it's even less intuitive for new users, which, when it eventually fully replaces the existing tools, will make things like ufw and csf even more prevalent and probably make things worse than they were before. I can read and follow the flow of a ufw ruleset for iptables, but I shudder when thinking of what the nftables version would look like.

-Doug

@obs:

Never heard of it. Just had a quick read, it'd be nice to have a one tool fits all system but apart from that it doesn't excite me. iptables will be around for a long while, I won't worry about this until I have to.

iptables will be replaced with nftables in 3.13, as I understand it, although I believe there'll be a compatibility layer.

@Guspaz:

iptables will be replaced with nftables in 3.13, as I understand it, although I believe there'll be a compatibility layer.

They aren't ripping out iptables/ip6tables/ebtables/arptables immediately. They'll coexist for a while (but may be set in the Kconfig to be mutually exclusive), until xtables can use the compatibility layer, and the large majority of the other kinks have been worked out. This probably won't occur until 3.17 or later, at a minimum.

-Doug