On Tue, Jul 27, 2021 at 04:22:10PM -0500, Alex Forster wrote:
> > It should be possible to update iptables-nft to use nft_log from
> > userspace (instead of xt_LOG) which removes this limitation, there is
> > no need for a kernel upgrade.
>
> We have been able to migrate some parts of this workload to the
> nftables subsystem by treating network namespaces sort of like VRFs.
> Unfortunately, we have not been able to use nftables to handle all
> traffic, since it does not have an equivalent for xt_bpf.

I'm not referring to nftables, I'm referring to iptables-nft.