| From: |
| David Miller <davem-AT-davemloft.net> |
| To: |
| fw-AT-strlen.de |
| Subject: |
| Re: [PATCH RFC 0/4] net: add bpfilter |
| Date: |
| Fri, 16 Feb 2018 17:33:54 -0500 (EST) |
| Message-ID: |
| <20180216.173354.347842978561257782.davem@davemloft.net> |
| Cc: |
| daniel-AT-iogearbox.net, netdev-AT-vger.kernel.org, netfilter-devel-AT-vger.kernel.org, alexei.starovoitov-AT-gmail.com |
From: Florian Westphal <fw@strlen.de>
Date: Fri, 16 Feb 2018 17:14:08 +0100
> Any particular reason why translating iptables rather than nftables
> (it should be possible to monitor the nftables changes that are
> announced by kernel and act on those)?
As Daniel said, iptables is by far the most deployed of the two
technologies. Therefore it provides the largest environment for
testing and coverage.
