-------- Original Message --------
Subject: Re: [Shorewall-users] NFTables on the roadmap?
From: Lee Brown <[email protected]>
To: Shorewall Users <[email protected]>
Date: 11/3/16, 6:21 PM
On Mon, Oct 31, 2016 at 11:27 AM, Tom Eastep <[email protected]
<mailto:[email protected]>> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/31/2016 10:44 AM, Ob Noxious wrote:
> Hi,
>
> You probably already know most of its contents but here's a nice
> introduction to NFTables:
>
>
http://developers.redhat.com/blog/2016/10/28/what-comes-after-iptables-its-successor-of-course-nftables/
<http://developers.redhat.com/blog/2016/10/28/what-comes-after-iptables-its-successor-of-course-nftables/>
>
> Is there any plan in the future to switch to it?
>
> I ask because it's now quite widely available, since kernel 3.13,
> in most distros and the benefits are huge.
>
The design of Shorewall is inexorably linked to that of iptables. So
there are no plans to implement nftables support. That must be an
entirely new product, and at the age of 71, I have no interest in
taking on such a large project.
- -Tom
The little I read on nftables, I saw this on the homepage:
*nft* syntax differs from {ip,ip6,eb,arp}tables. Moreover, there
is a *backward compatibility layer* that allows you run
iptables/ip6tables, using the same syntax, over the nftables
infrastructure.
So it would seem Shorewall should remain relevant .. at least for a while.
Personally I'd like to take the opportunity to, once again, thank Tom
and the team behind Shorewall for their excellent work. By observing
the input and output, I was able to gain an understanding of iptables
that I was never able to glean any other way (what's better than a
working example?). As a one-man admin Shorewall has enabled me to
very easily provide various services (voice, video, internet) to 5
sites separated with MPLS and redundant radio bridges.
-- lee
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
I second that in thanking Tom and all who contribute to Shorewall. There
are so many people I have been able to help not waste money on
unnecessary products that cost a ton and are so limited unless you spend
way more money on licensing, etc. THANKS. I dread iptables going away.
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
