nftables vs iptables+ipset

I know I am sounding naive, but I am still unable to find even a
single reason to switch to nft.

Not even the simple syntax, as I have been comfortable with iptables and
ipset for the last 13 years.

Even its performance is at times worse than iptables when simple rules
are tested.

When inline sets are used, then also performance is subpar as compared
with iptables+ipset.

Even dictionaries can be managed with ipset + skbmark and give better results.

I am unable to find a use-case, in my limited thinking, where nft
outperforms iptables+ipset.

Is it like we are meanwhile focusing on features and performance is a
secondary aspect as of now and will be seen later
OR
I am simply missing an obvious thing??