I came across this blog, from Jonathan Corbet, dated Feb 19th, 2018.
BPF Comes to Firewalls, by Jonathan Corbet
I found this rather fascinating, since I was aware that nftables seemed pre-ordained to be the successor to iptables. I had even purchased and read Steven Suehring's Linux Firewalls book, which covers both iptables and nftables.
At the end of the day, I only see iptables and firewalls based on iptables (e.g. FirewallD) being used. I have not encountered any nftables firewalls yet.
And the other noted point is that nftables IS in the current version of the Linux Kernel. BPF is not.
But, can BPF come into Linux distributions alongside nftables soon, and wind up replacing nftables?
That is the question.
Another interesting blog post addressing the impetus of BPF, is this one:
why-is-the-kernel-community-replacing-iptables
No comments:
Post a Comment