On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld <[email protected]> wrote:
> > On the other hand, if what you say is actually true in our case, and > nftables is utter crap, then perhaps we should scrap this nft(8) patch > all together and just keep pure iptables(8). DKG - you seemed to want > nft(8) support, though. How would you feel about that sort of > conclusion? > > Jason The only scenario where you really want to use nft is where iptables command doesn't exist. I don't know how realistic scenario it is but I assume it can happen in the wild. Otherwise calling iptables will take care of both iptables and nftables automatically if those are supported on system. That's why I proposed to invert current patch logic. Jordan _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
