Currently, dnsmasq fills ipsets through the Linux netlink interface, so it is fast and efficient (unlike running an external command). The ipset match is an iptables extension and is not supported by nftables.

nftables has the same functionality built in (no extension needed) and is likewise manageable over netlink, but dnsmasq does not support it today.

So if you want to change your firewall after a DNS resolution on dnsmasq, you still have to use iptables rather than nftables (i.e. iptables-legacy on Debian 10).
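The setup described above, as an added example that is not part of the original post: the dnsmasq `ipset=` directive, the set it fills, the iptables rule that consumes it, and a check that the iptables binary is the legacy backend. The set name `dns_allow`, the domain `example.com` and the config path `/etc/dnsmasq.d/ipset.conf` are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the dnsmasq "ipset="
# directive, the ipset and iptables CLIs, and placeholder names: set
# "dns_allow", domain "example.com", config /etc/dnsmasq.d/ipset.conf.
set -eu

# dnsmasq line: every A record it resolves for example.com (and its
# subdomains) is pushed into the "dns_allow" set over netlink by dnsmasq.
dnsmasq_ipset_line() {   # $1 = domain, $2 = set name
    printf 'ipset=/%s/%s\n' "$1" "$2"
}

# The set must exist before dnsmasq tries to add to it; a timeout stops
# stale addresses from staying allowed forever after the DNS record moves.
ipset_create_cmd() {     # $1 = set name, $2 = entry timeout in seconds
    printf 'ipset create %s hash:ip timeout %s -exist\n' "$1" "$2"
}

# Only the iptables "set" match can consume the set; nftables has no
# equivalent hook for dnsmasq today.
iptables_rule_cmd() {    # $1 = set name
    printf 'iptables -I FORWARD -m set --match-set %s dst -j ACCEPT\n' "$1"
}

# On Debian 10 "iptables" may be the nft-backed variant, whose -V output
# contains "(nf_tables)"; the ipset match needs the "(legacy)" backend.
iptables_is_legacy() {   # $1 = output of `iptables -V`
    case "$1" in
        *nf_tables*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Apply everything (needs root); refuses to run on the nft-backed iptables.
apply() {
    iptables_is_legacy "$(iptables -V 2>/dev/null)" ||
        { echo "switch to iptables-legacy first" >&2; return 1; }
    eval "$(ipset_create_cmd dns_allow 3600)"
    eval "$(iptables_rule_cmd dns_allow)"
    dnsmasq_ipset_line example.com dns_allow > /etc/dnsmasq.d/ipset.conf
    echo "restart dnsmasq to load /etc/dnsmasq.d/ipset.conf"
}
```

Run `apply` as root; the helper functions only build the commands, so they can be inspected without touching the firewall.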

