nftables is a pain in the rear


Comments

  • @egoror said:

    @tetech said:
    Sorry, the point here is evading me.

    You have no reason to move your iptables scripts because "iptables" is using nftables nowadays. iptables is a symlink to xtables-nft-multi, and uses iptables syntax on the nftables backend. Just use iptables as usual.

    OK, I now agree with you. I wasn't talking about the kernel module being problematic, only the nft utilities/frontend. The reason I started down this path was because people describe nft as the "successor to" or "replacement for" iptables and tout all the supposed benefits, so I tried it.

    But my conclusion is that I'll go back to iptables (the utilities, not the kernel module).

    @supriyo_biswas said:
    I had no idea this was a trauma dump thread. Anyway, personally I just like to go with whatever works, and it was easier to bite the bullet and learn nftables.

    The "End rant" in the OP didn't tip you off? :lol:

    I mean, if you've ready-made solutions to the problems listed in the OP then I'm all ears. Probably the "whatever works" for me is to go back to iptables, though.

    Thanked by (1): cochon
  • Note that there are several "overlay" programs aiming at making nftables simple to configure and use, suitable for basic to modest needs. Even simpler than the good old iptables rules'n'chains. One such promising project is foomuuri, already available in some repos, e.g. in Debian.

  • AuroraZero (Moderator, Hosting Provider, Retired)

    nft can suck my big toe

    Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
