Many thanks for your answer.
Is it planned to support nftables through dnsmasq? Is there a roadmap?
iptables-legacy is unfortunately only a temporary solution.
Gesendet: Donnerstag, 19. Dezember 2019 um 17:20 Uhr
Von: "Florent Fourcot" <>
Betreff: Re: [Dnsmasq-discuss] dnsmasq Debian 10 ipset nftables

Currently ipset are filled with Linux netlink interface, so it's fast
and efficient (not like running an external command). ipset module is an
iptables extension, and is not supported by nftables.

nftables has built-in same functionality than ipset (no need of an
extension), and is manageable thanks to netlink as well. But it's not
included today in dnsmasq.

So If you want to change our firewall after a DNS resolution on dnsmasq,
you still have to use iptables and not nftables (i.e. iptables-legacy on
Debian 10).
Dnsmasq-discuss mailing list

Reply via email to