X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from kunkku.net (cs181058236.pp.htv.fi [82.181.58.236])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 19F5ADC0B9A
	for <alpine-devel@lists.alpinelinux.org>; Mon, 26 May 2014 13:42:58 +0000 (UTC)
Received: from kunkku.net (kunkku.net [127.0.0.1])
	by kunkku.net (8.14.7/8.14.7) with ESMTP id s4QDgttn022079;
	Mon, 26 May 2014 16:42:55 +0300
Received: from localhost (kaarle@localhost)
	by kunkku.net (8.14.7/8.14.7/Submit) with ESMTP id s4QDgr6S022075;
	Mon, 26 May 2014 16:42:54 +0300
X-Authentication-Warning: kunkku.net: kaarle owned process doing -bs
Date: Mon, 26 May 2014 16:42:53 +0300 (EEST)
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
X-X-Sender: kaarle@kunkku.net
To: Der Tiger <der.tiger.alpine@arcor.de>
cc: "alpine-devel@lists.alpinelinux.org" <alpine-devel@lists.alpinelinux.org>
Subject: Re: [alpine-devel] Alpine Wall and NFTables
In-Reply-To: <5380E808.5000601@arcor.de>
Message-ID: <alpine.LFD.2.10.1405261634380.21892@kunkku.net>
References: <5380E808.5000601@arcor.de>
User-Agent: Alpine 2.10 (LFD 1266 2009-07-14)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Sat, 24 May 2014, Der Tiger wrote:

> While there is certainly nothing decided, yet, there have been
> indications {2,3}, that iptables and ip6tables may be replaced by
> nftables {1} sometime in the future. nftables is already part of the
> kernel, but still under development. It is a likely candidate to become
> the kernel devs-team favoured packet filter and the then obsolete
> ip*tables victim of a code clean-up, even though this is probably years
> of time away.
>
> How will the (possible) change to nftables affect the development of 
> Alpine Wall? Are there plans to make Alpine Wall compatible with 
> nftables, once the development of nftables has progressed enough?

This is how I think. For the time being, it is probably a bit too early to 
consider switching to nftables, but as you say, likely must be done at 
some point of time.

Based on the documentation you refer to, the abstraction level provided by 
nftables is roughly the same as that of iptables. Therefore, I think awall 
will continue to be useful also with nftables.

BR,
Kaarle


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---