Talk:Nftables


Unnamed section

What happened to this project? Still no news? 87.217.10.211 (talk) 07:42, 2 May 2010 (UTC)

As of today, still no news. Some development happened in 2010, but nothing for more than 12 months (according to the git tree of Patrick McHardy on kernel.org). I believe the page should be modified again to state that the project is no longer under development (since May 2010, not 2009) (the email cited in the March 2011 update by user Stevenwagner is more than one year old). Emmanuel Deloget (talk) 15:29, 21 July 2011 (UTC)
This is an ancient question, and talk pages are for discussion of the Wikipedia page, but I would like anyone seeing this to know that nftables is very active, useful, and deployed in many places. Bepvte (talk) 14:43, 24 January 2019 (UTC)

what is it?

Introduction: "nftables is an engine and utility program". Is it just a utility program like iptables, or is it a piece of software comprising a utility program AND some engine code? ScotXW (talk) 09:48, 22 October 2013 (UTC)

The sentence is quite clear; it says it's an engine and utility program. -- Dsimic (talk) 12:21, 22 October 2013 (UTC)
Got the language improved a bit for additional clarity. -- Dsimic (talk) 12:33, 22 October 2013 (UTC)
Officially, nftables is the project that aims to replace the existing {ip,ip6,arp,eb}tables framework. Basically, this project provides a new packet filtering framework, a new userspace utility and also a compatibility layer for {ip,ip6}tables. nftables is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component and the logging subsystem. ScotXW (talk) 20:33, 26 October 2013 (UTC)
Right, but nftables is also the name of the userspace binary used for configuring the kernel part, besides the kernel part itself also being called nftables. Anyway, got the heading section extended, for additional clarity. -- Dsimic (talk) 21:46, 26 October 2013 (UTC)
No, according to netfilter.org the new userspace utility is called nft. AFAIR it was to be called nftables, but it seems they decided on the shorter variant. ScotXW (talk) 11:41, 27 October 2013 (UTC)
You're right, it was my bad, thanks for pointing that out. The git tree also confirms that. Got the article updated accordingly. -- Dsimic (talk) 14:28, 27 October 2013 (UTC)

software architecture

According to Linux User Magazine Germany, among the differences to netfilter are:

  • nftables is part of the network stack instead of sitting on top of the network stack; this removes the necessity to pass data from the network stack to the actual packet filter
  • it is implemented as a "virtual machine" (though I do not understand what this is supposed to mean!)
  • it handles IPv4, IPv6, ARP and EB without code duplication, in contrast to netfilter
  • nftables shall replace netfilter, and nft shall replace iptables, ip6tables, arptables and ebtables!

For netfilter there is File:Netfilter-components.svg; the code works on top of the network stack and there is a lot of code duplication between the different modules (ipv4, ipv6, arp and eb). Something similar would be nice for nftables. User:ScotXW t@lk 11:41, 18 April 2015 (UTC)
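As an added illustration of the two bullet points above (one code path for several address families, and rules executed by a kernel-side interpreter), here is a small stateful host firewall written for nft. It is not taken from the discussion or from the nftables project; the table and chain names and the service port 22 are placeholders chosen for the example. The "inet" family is what lets a single table apply to both IPv4 and IPv6 traffic without a second, duplicated ruleset.

```nftables
#!/usr/sbin/nft -f
# Example ruleset (constructed for this illustration): one inet-family table
# covers IPv4 and IPv6 together, which is the "no code duplication" point.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Stateful matching via the connection tracking system:
        # replies to connections this host opened are accepted first.
        ct state established,related accept
        ct state invalid drop

        iif "lo" accept

        # ICMP for both address families, still inside the same chain.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Management access; 22 is a placeholder port, rate-limited for new flows.
        tcp dport 22 ct state new limit rate 10/minute accept

        # Log and count what the policy would drop, so monitoring has data.
        log prefix "nft-input-drop: " counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

"nft -c -f firewall.nft" parses and checks the file without loading it, and "nft -f firewall.nft" loads it. Running nft with "--debug=netlink" while adding a rule prints the sequence of expressions the rule is compiled into (payload loads, register compares, verdicts); that instruction-like form, evaluated by the kernel's nf_tables code, is what the magazine meant by a "virtual machine".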

Berkeley Packet Filter

It appears that Extended Berkeley Packet Filter (eBPF) is going to be the new kernel infrastructure for building firewalls, not nft as previously planned:

-- ScratchMonkey (talk) 11:13, 24 October 2019 (UTC)