Please, please, PLEASE merge this!

Posted Apr 2, 2009 10:02 UTC (Thu) by ringerc (subscriber, #3071)
Parent article: Nftables: a new packet filtering engine

One thing that WASN'T mentioned in the above is that nftables:

- Can quickly and efficiently compile and load rules from a single simple file without hundreds or thousands of invocations of the `iptables' process

- Can implement sane error handling for rule definition; and

- Can potentially TRANSACTIONALLY APPLY RULE CHANGES

*PLEASE* merge this. I've wanted these capabilities for so long - iptables' userspace interface is SO awful to work with.

Posted Apr 2, 2009 10:36 UTC (Thu) by mgb (guest, #3226) [Link]

Have you tried iptables-restore?

Posted Apr 3, 2009 18:24 UTC (Fri) by trasz (guest, #45786) [Link]

I.e. pftables can do a few more things BSD users had available (with pf) for... how many, five years
now? ;-)