We're 2 years further now, and with CentOS 8 this is really starting to get interesting.
In fact, it is netfilter's idea to replace iptables with nftables in time.
Are there any plans from ConfigServer to create a CSF firewall which works with nftables? Any insights on this?
nftables
-
- Junior Member
- Posts: 73
- Joined: 17 Feb 2009, 14:14
Re: nftables
Catch one more vote for nftables compatibility request.
-
- Junior Member
- Posts: 1
- Joined: 25 May 2020, 21:07
Re: nftables
Rationale: nftables does not use kernel memory to store blocked IPs. The traditional use of IP sets for this does not work on all VPS systems, but an nftable does.
Additional Feedback: Ubuntu Server after 18.04 LTS removed iptables-nftables-compat, which is necessary to run this script, as has Debian after backports 1.6.2-1.1. By migrating the script to nftables, the script can be used by newer distributions.
References:
https://packages.debian.org/search?keyw ... ection=all
https://packages.ubuntu.com/search?keyw ... chon=names
-
- Junior Member
- Posts: 19
- Joined: 25 Feb 2014, 16:26
Re: nftables
In addition to that, nftables is much more efficient. What surprises me is that CSF has still not yet changed it to nftables. It was too late at the time of posting this thread.
Re: nftables
Just noticed Ubuntu 20.10 seems to have nftables as default, replacing iptables.
https://discourse.ubuntu.com/t/groovy-g ... otes/15533