On Thu, 18 Apr 2024 16:11:13 +0200 Florian Kauer wrote: > So the basic idea is to maintain the iptables and/or nftables > interface and "just" translate them to BPFs in the back. So no need > to write C if you don't want to. Then nftables can be used against DDoS with the BPF performance, right? Has this made it to the mainline kernel or it is still something experimental?