iptables replacement incoming?


New Member
Verified Provider
I've been watching this for a bit recently and it looks like a great replacement. Anyway, saw it pop up in a new feed ^_^

How many are rolling 3.xx kernel atm on their nodes?

"NFTables is a new firewall subsystem / packet filtering engine for the Linux kernel that is poised to replace iptables. NFTables has been in development for several years by the upstream author of Netfilter. This new nftables system is set to be merged now into the Linux 3.13 kernel."

Source: http://www.phoronix.com/scan.php?page=news_item&px=MTQ5MDU


100% Tier-1 Gogent
Anyone using NFTables already? 

Is it more straightforward to use? What are the advantages?


Just a little bit crazy...
Verified Provider
It has an iptables compatibility layer, let's hope it's good. Some extra performance would be nice but not at the cost of rebuilding all the iptables compatible scripts & utils.


Company Lube
Verified Provider
I run 3.8 on all the nodes I can.

Alas, RHEL 7 isn't out yet so OVZ can't rebase to 3.x :(



New Member
Verified Provider
Just use what's supported. OVZ rebase to 3.x will cause a lot of pain; it probably means all containers will have to be 3.x compatible.