iptables replacement incoming?

Discussion in 'Industry News' started by kro, Oct 20, 2013.

  1. kro

    kro New Member Verified Provider

    May 16, 2013
    I've been watching this for a bit recently and it looks like a great replacement. Anyway, saw it pop up in a new feed ^_^

    How many are rolling 3.xx kernel atm on their nodes?

    "NFTables is a new firewall subsystem / packet filtering engine for the Linux kernel that is poised to replace iptables. NFTables has been in development for several years by the upstream author of Netfilter. This new nftables system is set to be merged now into the Linux 3.13 kernel."

    Source: http://www.phoronix.com/scan.php?page=news_item&px=MTQ5MDU
    Last edited by a moderator: Oct 20, 2013
    fixidixi likes this.
  2. drmike

    drmike 100% Tier-1 Gogent

    May 13, 2013
    Anyone using NFTables already?

    Is it more straightforward to use? What are the advantages?
  3. splitice

    splitice Just a little bit crazy... Verified Provider

    Jun 16, 2013
    It has an iptables compatibility layer, let's hope it's good. Some extra performance would be nice but not at the cost of rebuilding all the iptables-compatible scripts & utils.
    drmike likes this.
  4. Francisco

    Francisco Company Lube Verified Provider

    May 15, 2013
    I run 3.8 on all the nodes I can.

    Alas, RHEL 7 isn't out yet so OVZ can't rebase to 3.x :(

  5. jcaleb

    jcaleb New Member

    May 15, 2013
    I used ipchains when I was a sysad 12 yrs ago
    datarealm likes this.
  6. VPSCorey

    VPSCorey New Member Verified Provider

    Jul 10, 2013
    Just use what's supported. OVZ rebase to 3.x will cause a lot of pain; it probably means all containers will have to be 3x compatible.