
Nftables: a new packet filtering engine

Nftables: a new packet filtering engine

Posted Mar 24, 2009 19:45 UTC (Tue) by flewellyn (subscriber, #5047)
In reply to: Nftables: a new packet filtering engine by kaber
Parent article: Nftables: a new packet filtering engine

Too true on the "less flexible" bit. PF is a nice idea, but the OpenBSD folk did not add nearly as much flexibility to the system as iptables offers. Doing NAT with it is easy enough in the default setting, but more complex stuff, I found painful.



Nftables: a new packet filtering engine

Posted Mar 24, 2009 19:51 UTC (Tue) by quotemstr (subscriber, #45331) [Link] (3 responses)

What exactly were you trying to do?

Nftables: a new packet filtering engine

Posted Mar 24, 2009 20:08 UTC (Tue) by flewellyn (subscriber, #5047) [Link] (2 responses)

Route between two NATted LANs and the WAN, with port forwarding and connection tracking. It got hairy when I tried to set up the connection tracking between the two LANs. The WAN-to-LANs tracking wasn't too hard.

This was in 2005, so I will grant that things may have changed since then.

Nftables: a new packet filtering engine

Posted Mar 24, 2009 20:11 UTC (Tue) by Alan_Hicks (guest, #20469) [Link] (1 responses)

Yeah, that's really pretty easy to do with pf. You should give it a look next time you need a firewall, particularly one with several different interfaces and needs.

Nftables: a new packet filtering engine

Posted Mar 25, 2009 13:54 UTC (Wed) by rvfh (guest, #31018) [Link]

How about a PF to Nftables translator, along with the iptables to Nftables translator? Isn't that one of the real strengths of Nftables, flexibility?

