Too true on the "less flexible" bit. PF is a nice idea, but the OpenBSD folk did not add nearly as much flexibility to the system as iptables offers. Doing NAT with it is easy enough in the default setting, but more complex stuff, I found painful.
Posted Mar 24, 2009 19:51 UTC (Tue) by quotemstr (subscriber, #45331)
What exactly were you trying to do?
Nftables: a new packet filtering engine
Posted Mar 24, 2009 20:08 UTC (Tue) by flewellyn (subscriber, #5047)
Route between two NATted LANs and the WAN, with port forwarding and connection tracking. It got hairy when I tried to set up the connection tracking between the two LANs. The WAN-to-LANs tracking wasn't too hard.
This was in 2005, so I will grant that things may have changed since then.
Nftables: a new packet filtering engine
Posted Mar 24, 2009 20:11 UTC (Tue) by Alan_Hicks (subscriber, #20469)
Yeah, that's really pretty easy to do with pf. You should give it a look next time you need a firewall, particularly one with several different interfaces and needs.
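The setup flewellyn describes (two NATted LANs behind one WAN interface, with port forwarding and stateful tracking, including between the LANs) can be expressed in pf roughly as follows. This is an added example written for this thread, not a ruleset from the OpenBSD project or from either commenter, and it uses the `match ... nat-to` / `rdr-to` syntax introduced in OpenBSD 4.7, which post-dates the 2009 discussion. The interface names (`em0`, `em1`, `em2`), the two LAN prefixes and the internal web server address are constructed placeholders.

```conf
# Added example, not from the thread: a pf.conf for a router with one WAN
# interface and two NATted LANs. Interface names and addresses are assumed.
ext_if  = "em0"                 # WAN, address from DHCP or static
lan1_if = "em1"                 # first LAN
lan2_if = "em2"                 # second LAN
lan1_net = "192.168.1.0/24"     # constructed
lan2_net = "192.168.2.0/24"     # constructed
web_srv  = "192.168.1.10"       # constructed: host receiving forwarded TCP/80
lans = "{ " $lan1_if " " $lan2_if " }"
lan_nets = "{ " $lan1_net " " $lan2_net " }"

set skip on lo

# Normalise fragments and clear DF so odd MTUs don't break state tracking.
match in all scrub (no-df)

# Source NAT: both LANs leave through the WAN address. match rules only
# annotate the packet; the pass rules below decide whether it is allowed.
match out on $ext_if inet from $lan_nets nat-to ($ext_if)

# Port forward: WAN TCP/80 to the internal web server. The rdr-to rewrite and
# the pass decision live in the same rule, so no separate filter rule is needed.
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_srv

# Default deny, logged, so anything not explicitly passed shows up in pflog.
block log all

# Anti-spoofing: drop packets arriving on a LAN interface with a source
# address that does not belong to that LAN.
antispoof quick for $lan1_if
antispoof quick for $lan2_if

# LAN clients may open connections anywhere, including to the other LAN.
# Every pass rule in pf keeps state by default (floating states), so the
# outbound leg on the other interface and the replies are matched from the
# state table rather than needing mirror rules per interface.
pass in on $lans inet proto { tcp udp icmp } from $lan_nets to any

# Allow the router itself and any state-created flows to leave on any interface.
pass out on { $ext_if $lan1_if $lan2_if } inet all
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f`, and use `pfctl -ss` to confirm that an inter-LAN connection shows a single state entry created by the `pass in on $lans` rule. One caveat worth knowing: a LAN1 client connecting to the WAN address on port 80 will be redirected to `$web_srv` but the reply will bypass the router, so "reflection" of forwarded ports to inside hosts needs an additional `nat-to` on the LAN interface or split DNS.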
Nftables: a new packet filtering engine
Posted Mar 25, 2009 13:54 UTC (Wed) by rvfh (subscriber, #31018)
How about a PF to Nftables translator, along with the iptables to Nftables translator? Isn't that one of the real strengths of Nftables, flexibility?