"Alexander V. Makartsev" <[email protected]> writes:

[...]

> There is also a new kid around called "nft" which should replace
> iptables, but its syntax is super weird and non-intuitive for me, so I
> consider it a downgrade.

I disagree. I was a happy iptables user and some time ago I migrated my rules to nftables. Indeed this is not a 1-1 migration, you have to rethink your rules, but IMO this is more comfortable. The main difference (IMO) is that most of your dynamic logic should go to sets, not to the rules themselves.

KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/
Who goeth a-borrowing goeth a-sorrowing.
		-- Thomas Tusser
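
An illustration of the "logic goes into sets, not rules" point, added here as an example and not taken from the message above: the rules stay fixed while set contents change at runtime. The table, chain and set names, the addresses (RFC 5737 documentation ranges) and the rate values are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example; all names, addresses and limits below are hypothetical.

table inet filter {
    # Static allow-list. Hosts are added or removed as set elements,
    # so the rule that references the set never has to be rewritten.
    set admin_hosts {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    # Per-source rate state, filled from the packet path.
    # One element per source address is created on demand.
    set ssh_meter {
        type ipv4_addr
        size 65535
        flags dynamic
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept

        # Drop sources opening new SSH connections faster than 3/minute.
        # With iptables this needs a match module plus its own state;
        # here it is one rule and one set.
        tcp dport 22 ct state new add @ssh_meter { ip saddr limit rate over 3/minute } drop

        # Only allow-listed hosts reach SSH.
        tcp dport 22 ip saddr @admin_hosts accept
    }
}

# Runtime changes touch the set only, never the chain:
#   nft add element inet filter admin_hosts { 203.0.113.7 }
#   nft delete element inet filter admin_hosts { 192.0.2.10 }
#   nft list set inet filter ssh_meter
```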

