LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Nftables: a new packet filtering engine

Nftables: a new packet filtering engine

Posted Apr 3, 2009 5:40 UTC (Fri) by ejmarkow (guest, #56170)
Parent article: Nftables: a new packet filtering engine

Rather than reinvent the wheel, OpenBSD's excellent PF (Packet Filter) firewall should just be ported and used for Linux and have it replace Iptables. As a former FreeBSD and current Arch Linux user, a firewall similar to PF is an essential item currently lacking in Linux. Otherwise, I support the implementation of Nftables if it's going to be a vast improvement.

(Log in to post comments)

Nftables: a new packet filtering engine

Posted Apr 3, 2009 13:02 UTC (Fri) by nix (subscriber, #2304) [Link]

Other comments to this article have pointed out that pf has fewer features
than iptables, so porting (really 'reimplementing') it isn't something
that's terribly likely to happen.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds