~alpine/devel

1

[alpine-devel] Alpine Wall and NFTables

Details
Message ID
<5380E808.5000601@arcor.de>
Sender timestamp
1400956936
DKIM signature
missing
Download raw message
Hi,

While there is certainly nothing decided, yet, there have been
indications {2,3}, that iptables and ip6tables may be replaced by
nftables {1} sometime in the future. nftables is already part of the
kernel, but still under development. It is a likely candidate to become
the kernel devs-team favoured packet filter and the then obsolete
ip*tables victim of a code clean-up, even though this is probably years
of time away.

How will the (possible) change to nftables affect the development of
Alpine Wall?
Are there plans to make Alpine Wall compatible with nftables, once the
development of nftables has progressed enough?

Cheers, Tiger

{1} http://en.wikipedia.org/wiki/Nftables
{2}
http://kernelnewbies.org/Linux_3.13#head-f628a9c41d7ec091f7a62db6a49b8da50659ec88
{3} http://beta.slashdot.org/story/193183


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Details
Message ID
<alpine.LFD.2.10.1405261634380.21892@kunkku.net>
In-Reply-To
<5380E808.5000601@arcor.de> (view parent)
Sender timestamp
1401111773
DKIM signature
missing
Download raw message
On Sat, 24 May 2014, Der Tiger wrote:

> While there is certainly nothing decided, yet, there have been
> indications {2,3}, that iptables and ip6tables may be replaced by
> nftables {1} sometime in the future. nftables is already part of the
> kernel, but still under development. It is a likely candidate to become
> the kernel devs-team favoured packet filter and the then obsolete
> ip*tables victim of a code clean-up, even though this is probably years
> of time away.
>
> How will the (possible) change to nftables affect the development of 
> Alpine Wall? Are there plans to make Alpine Wall compatible with 
> nftables, once the development of nftables has progressed enough?

This is how I think. For the time being, it is probably a bit too early to 
consider switching to nftables, but as you say, likely must be done at 
some point of time.

Based on the documentation you refer to, the abstraction level provided by 
nftables is roughly the same as that of iptables. Therefore, I think awall 
will continue to be useful also with nftables.

BR,
Kaarle


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)