iptables replacement incoming?

I've been watching this for a bit recently and it looks like a great replacement. Anyway, saw it pop up in a news feed ^_^

How many are rolling 3.xx kernel atm on their nodes?

"NFTables is a new firewall subsystem / packet filtering engine for the Linux kernel that is poised to replace iptables. NFTables has been in development for several years by the upstream author of Netfilter. This new nftables system is set to be merged now into the Linux 3.13 kernel."

Source: http://www.phoronix.com/scan.php?page=news_item&px=MTQ5MDU
Anyone using NFTables already?

Is it more straightforward to use? What are the advantages?

It has an iptables compatibility layer, let's hope it's good. Some extra performance would be nice but not at the cost of rebuilding all the iptables compatible scripts & utils.
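For anyone wondering what the two rule languages look like side by side, here is an added illustration that is not from this thread or from the nftables project: the same minimal default-deny host policy (loopback, established/related, and SSH allowed in) written as classic iptables commands and as an nft ruleset. The script applies nothing to the running kernel; the nft text is only syntax-checked with `nft -c` when the `nft` binary happens to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny input policy in
# iptables syntax and the equivalent nftables ruleset. Nothing is loaded
# into the kernel; the ruleset is only printed and optionally syntax-checked.

# Classic iptables form, shown for comparison (printed, not executed).
iptables_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
EOF
}

# Equivalent nftables ruleset: a single "inet" table covers IPv4 and IPv6,
# and the chain itself declares its hook and default policy.
nft_ruleset() {
    cat <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        tcp dport 22 accept
    }
}
EOF
}

# Sanity check that both forms carry the same three accept exceptions:
# counts lines containing "accept" (case-insensitive) in the given form.
count_accepts() {
    "$1" | grep -ci accept
}

# Parse-check the nft ruleset without applying it (nft -c), if nft exists.
# Reading from "-" makes nft take the ruleset from stdin.
check_nft_syntax() {
    if command -v nft >/dev/null 2>&1; then
        nft_ruleset | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
        return 0
    fi
}

# Stand-alone usage: print both forms and run the optional syntax check.
if [ "${1:-}" = "show" ]; then
    echo "# iptables form:"; iptables_rules
    echo "# nft form:"; nft_ruleset
    check_nft_syntax
fi
```

Run it as `sh firewall_compare.sh show` to print both forms. The nft version is what you would hand to `nft -f`; the iptables lines are what the compatibility layer would have to translate to reach the same effect.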

I run 3.8 on all the nodes I can.

Alas, RHEL 7 isn't out yet so OVZ can't rebase to 3.x :(

Just use what's supported. An OVZ rebase to 3.x will probably cause a lot of pain; it means all containers will have to be 3.x compatible.