On 18/10/24 7:46 am, David C. Rankin wrote:
From reading, it seems nftables is just larger and more complex netfilter project (and yes it does more -- if you need it). Both iptables and nftables are actively developed, so it's not like one is deprecated.
No. Iptables (legacy) that Arch uses by default has been deprecated in 2018 (almost 6 and half years back) and not recommended anymore.
We are pushing that Arch switch to iptables with nftables as backend, by default. This is what many major distros have done too.
So old scripts (using iptables) still continue to work but with better and newer framework.
For more details, see: [1] Two variants of iptables https://developers.redhat.com/blog/2020/08/18/iptables-the-two-variants-and-their-relationship-with-nftables#summary [2] Netfilter workshop 2018 https://ral-arturo.org/2018/06/16/nfws2018.html Amish
