On Mon, Dec 11, 2017 at 5:28 PM, Kenneth Peiruza <[email protected]> wrote: > zero? > > On Sergio Belkin <[email protected]>, Dec 11, 2017 16:31 wrote: > 2017-12-10 11:55 GMT-03:00 Simone Piccardi <[email protected]>: >> Il 09/12/2017 23:31, Sergio Belkin ha scritto: >> > * Basic configuration of iptables >> >> iptables are deprecated too, for nftables, also if for the moment the >> switch is almost everywhere postponed. >> >> But more than this, what dose "basic" means here, and how it is meant to >> be teached and learned without the knowledge of the netfilter >> architecture (that does not seems a basic argument, at least to me).
IPTables won't be deprecated for some time. The NetFilter code of the kernel is little changed for the nftables front-end, just greatly simplified from an ABI/API standpoint. This brings in a new userspace command, "nft", along with a not-quite-100% backwards compatible "ip[6]tables" (e.g., ebtables, arptbales, etc...), but "close enough." So it'll be some time before any program can deprecate it from its objectives. This is very akin to what the NetworkManager and its "nmcli" command has attempted to do for the Network configuration subsystem, including being compatible with the iproute2 commands. People are still going to use the direct "ip" commands. In fact, it's not a surprise the "nft" has a very "nmcli" like syntax either, which is also similar to positional parameter "ip" command too. Beyond that ... Akin to NetworkManager, firewalld is working on a drop-in replacement for "nftables", including providing the D-Bus support just like for "iptables." So it's a separate consideration, just like "iptables" is to firewalld. As always, I would recommend we focus on the commands that all sysadmins may run into -- first and foremost -- and then consider other objectives from there. E.g., "ip" commands and "iptables" commands, before more complex solutions. - bjs -- Bryan J Smith - http://www.linkedin.com/in/bjsmith E-mail: b.j.smith at ieee.org or me at bjsmith.me _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
