Nftables or Iptables/Ebtables for a simple linux bridge?

Hi!

I have done a lot of research, and am unable to decide which way to go
for my planned linux bridge implementation:

iptables+ebtables

or

nftables

All my initial insecure beginner's steps are in the topic on Gentoo
Forums:

A Firewalled Internet Access to Internal Subnet
https://forums.gentoo.org/viewtopic-t-1041028.html

And I posted about my query on another topic on Gentoo Forums, where a
(probably young) talented member attempts to deploy a somewhat similar
setup, but the two (very) senior Gentooers, in the advice they mete out to
him, keep to Iptables only.

They never ever even mention Nftables... Have a look:

PPPoE and static subnet setup
https://forums.gentoo.org/viewtopic-t-1040272.html

Why is that? Those are senior members...

For my setup, that you can glean, maybe best if you go to this post in
my ample and painstaking wandering:

( same: "A Firewalled Internet Access to Internal Subnet" topic)
https://forums.gentoo.org/viewtopic-t-1041028.html#7897936

There are plenty of tutorials if I go the Iptables and the Ebtables way...

And my question to the list is: where are the corresponding Nftables tutorials for a setup like mine?

Or should I better stick with the Iptables/Ebtables?

Pls. also notice the questions I posted today on:

( same: "PPPoE and static subnet setup" topic )
https://forums.gentoo.org/viewtopic-t-1040272.html#7899080
esp. what "There is currently no connection tracking available for
bridge filtering." on Nftables Wiki means.

WARNING upfront: I am sincere, but not a programmer, nor very advanced
user either, and it may be possible what I propose below, but it also
may be that I wouldn't be able to really test as proper tester:

I'd even be willing to try and do some testing with Nftables (simply
because of the good sides of the new concept), if developers were sure
they can achieve a result that, in some, even longer, but foreseeable
future, could be as good as what can be achieved with Iptables/Ebtables.

(
I hope you also read the paragraph previous to that offer.

AND ANOTHER NOTE: you may need to have a lot of patience, but I would
post all here on the list and other readers could assist.
)

Regards!

-- 
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
