Nftables: Difference between revisions
DSisyphBot (talk | contribs) m r2.7.2) (Robot: Removing pt:Nftables |
No edit summary |
||
Line 21: | Line 21: | ||
| size = |
| size = |
||
| language = |
| language = |
||
| status = |
| status = In development |
||
| genre = [[Firewall (computing)|packet filtering]] |
| genre = [[Firewall (computing)|packet filtering]] |
||
| license = [[GNU General Public License|GPL (version 2)]] |
| license = [[GNU General Public License|GPL (version 2)]] |
||
| website = [http://netfilter.org/projects/nftables/ netfilter.org/projects/nftables] (removed in 2009) |
| website = [http://netfilter.org/projects/nftables/ netfilter.org/projects/nftables] (removed in 2009) |
||
}} |
}} |
||
'''nftables''' |
'''nftables''' is an engine and administration tool for packet filtering and classification for [[Linux]], intended to replace [[iptables]]. The project stayed in alpha stage and the official website was removed in 2009. In March 2010, emails from the author on the project mailing lists showed the project was still active and approaching a beta release<ref>http://www.spinics.net/lists/netfilter-devel/msg12409.html</ref><ref>http://www.spinics.net/lists/netfilter-devel/msg15690.html</ref>, but the latter was never shipped officially. In October 2012, Pablo Neira Ayuso proposed an compatibility for iptables <ref>http://www.spinics.net/lists/netfilter-devel/msg23831.html</ref> and announced a possible inclusion of the project into mainstream kernel. |
||
The author of nftables is Patrick McHardy, who is also the maintainer of [[netfilter]]. |
The author of nftables is Patrick McHardy, who is also the maintainer of [[netfilter]]. |
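Review bot: the rewritten lead paragraph on the new side says "proposed an compatibility for iptables", which has lost its noun and leaves the reader guessing what was proposed; name the thing as the cited netfilter-devel message describes it and fix the article. The new `status = In development` value sits beside a lead stating that the website was removed in 2009 and that the beta "was never shipped officially", so attach one of the mailing-list references to the status to make it verifiable. The three added `<ref>` tags are bare URLs, and the first two are placed before the comma instead of after the punctuation.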
Revision as of 06:54, 26 October 2012
Original author(s) | Patrick McHardy |
---|---|
Developer(s) | Patrick McHardy |
Stable release | 0.01-alpha1 / March 18, 2009 |
Preview release | |
Repository | |
Written in | C |
Operating system | Linux |
Type | packet filtering |
License | GPL (version 2) |
Website | netfilter.org/projects/nftables (removed in 2009) |
nftables is an engine and administration tool for packet filtering and classification for Linux, intended to replace iptables. The project stayed in alpha stage and the official website was removed in 2009. In March 2010, emails from the author on the project mailing lists showed the project was still active and approaching a beta release,[1][2] but the latter was never shipped officially. In October 2012, Pablo Neira Ayuso proposed compatibility with iptables[3] and announced a possible inclusion of the project into the mainstream kernel.
The author of nftables is Patrick McHardy, who is also the maintainer of netfilter.
The project aims included:
- simplification of the kernel ABI
- reduction of code duplication
- improved error reporting
- more efficient execution, storage, and incremental changes of filtering rules
The currently used iptables, ip6tables, arptables, and ebtables (IPv4, IPv6, ARP, and Ethernet bridging) were to be replaced with a single unified implementation, nftables, built on top of a custom virtual machine.
The project was first publicly presented at the Netfilter Workshop in September 2008 in Paris. The first preview release of the kernel and userspace implementation was made in March 2009.[4] Although the tool has been called "...the biggest change to Linux firewalling since the introduction of iptables in 2001", it has received little press.[5] Notable hacker Fyodor Vaskovich (Gordon Lyon) said that he is "looking forward to its general release in the mainstream Linux kernel."[5]
References
External links
- Official website (removed)
- Corbet, Jonathan (2009-03-24). "Nftables: a new packet filtering engine". LWN.net.
- McHardy, Patrick (2008-09-30). nftables – a successor to iptables, ip6tables, ebtables and arptables (ODP). Netfilter Workshop 2008.