On 02/28/2018 02:15 PM, Walter Dnes wrote:
> Is there something besides iptables?

nftables

I think BPF may come into context here, but I've mostly ignored it, so I'm not sure.

> It seems to be like systemd/perl/python, continuously expanding its scope.

What do you mean?

I've seen newer match extensions and targets over the years. But those are simply additional optional bits. I.e. you need to have the module loaded or compiled into your kernel.

> I fondly remember IPCHAINS.

I vaguely remember ipchains. I don't remember what was before it, ipfwadm(?).

Maybe it was my ignorance at the time, but I wouldn't use the word "fondly" to describe my experience with ipchains.

I am fond of iptables / ebtables / arptables.

I've looked at nftables a few times in the last 18 months and have decided not to take that plunge yet. Usually it's because I feel like I don't have feature parity between iptables and nftables for the iptables features that I use.



--
Grant. . . .
unix || die
