Nftables: Difference between revisions
DSisyphBot (talk | contribs) m r2.7.2) (Robot: Removing pt:Nftables |
|||
| Line 54: | Line 54: | ||
[[Category:Firewall software]] |
[[Category:Firewall software]] |
||
[[Category:Linux security software]] |
[[Category:Linux security software]] |
||
[[pt:Nftables]] |
|||
Revision as of 20:42, 28 August 2012
| Original author(s) | Patrick McHardy |
|---|---|
| Developer(s) | Patrick McHardy |
| Stable release | 0.01-alpha1
/ March 18, 2009 |
| Preview release | |
| Repository | |
| Written in | C |
| Operating system | Linux |
| Type | packet filtering |
| License | GPL (version 2) |
| Website | netfilter.org/projects/nftables (removed in 2009) |
nftables was an engine and administration tool for packet filtering and classification for Linux, intended to replace iptables. The project stayed in alpha stage and seemed to be abandoned (no new development since July 2010) and the official website was removed in 2009. In March 2010, emails from the author on the project mailing lists showed the project was still active and approaching a beta release[1][2], but the latter was never shipped officially.
The author of nftables is Patrick McHardy, who is also the maintainer of netfilter.
The project aims included:
- simplification of the kernel ABI
- reduction of code duplication
- improved error reporting
- more efficient execution, storage, and incremental changes of filtering rules
The currently used iptables, ip6tables, arptables, and ebtables (IPv4, IPv6, ARP, and Ethernet bridging) were to be replaced with a single unified implementation, nftables, implemented at the top of a custom virtual machine.
The project was first publicly presented on Netfilter Workshop in September 2008 in Paris. The first preview release of kernel and userspace implementation was given in March 2009[3]. Although the tool has been called, "...the biggest change to Linux firewalling since the introduction of iptables in 2001", it has received little press.[4] Notable hacker Fyodor Vaskovich (Gordon Lyon) said that he is "looking forward to its general release in the mainstream Linux kernel."[4]
References
- ^ http://www.spinics.net/lists/netfilter-devel/msg12409.html
- ^ http://www.spinics.net/lists/netfilter-devel/msg15690.html
- ^ initial release announcement
- ^ a b Gray, Patrick (March 26, 2009). "NEWS: Linux Gets New Firewall". Risky.biz.
External links
- Official website (removed)
- Corbet, Jonathan (2009-03-24). "Nftables: a new packet filtering engine". LWN.net.
- McHardy, Patrick (2008-09-30). nftables – a successor to iptables, ip6tables, ebtables and arptables (ODP). Netfilter Workshop 2008.
{{cite conference}}: External link in|conferenceurl=|conferenceurl=ignored (|conference-url=suggested) (help)
 | This computer networking article is a stub. You can help Wikipedia by expanding it. |
 | This Linux-related article is a stub. You can help Wikipedia by expanding it. |