
Nftables: a new packet filtering engine

Posted Apr 2, 2009 10:45 UTC (Thu) by jengelh (guest, #33263)
Parent article: Nftables: a new packet filtering engine

>that is part of why there are actually three copies of the iptables code in the kernel.

_Four_ of them: ip, ip6, arp, eb.

And the kickoff for the mess is that someone decided to do a parallel copy, from struct ipt_ip to ip6t_ip6, instead of creating a higher level that could contain either ipt or ip6t as sub-data (e.g. footables -m ip6t). Then lots of the table management mess could have been avoided.

