I just tried to build libnftnl-dev and nftables from jessie, and it seems to
work fine:
load rules (aka iptables-restore)
# nft -f /etc/nftables/ipv4-filter
save rules (aka iptables-save)
# nft list table filter
table ip filter {
chain input {
type filter hook input
Just did some tests; it seems that nft syntax is not stable yet,
some minor syntax changes occurred between different releases over the last 6 months.
Another interesting feature since nftables 0.2 is being able to manage ipv4
and ipv6
in the same filter table
nft -f /etc/nftables/inet-filter
Rules
Would be nice but it got included upstream in linux 3.13 kernel. I think it's
something for RHEL8.
AFAIK it is included in RHEL7
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
So the WebGUI for backups basically edits a cron job?
yes
My feeling is that we should use nft, else we will do all work twice.
yes.
But the current iptables implementation is a good start for the first
release.
I'll try to build a nftables rules sample manually to see what's missing.
maybe can we release current iptables code for ipv4+ipset and