X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;ds=sidebyside;f=index.html;h=2a4f38d74627a3a35d110796471338204251e8c2;hb=4f955d79c15ba448955d1861edb0cb848dafdf08;hp=3a07e304378b0f083bda86cb49c01305dded7289;hpb=a4c76f99af3d219fdcd4c146998230e2b05b394f;p=kernel-news-talk.git
diff --git a/index.html b/index.html
index 3a07e30..2a4f38d 100644
--- a/index.html
+++ b/index.html
@@ -276,6 +276,35 @@
+
+
nftables [3.13]
+
+ -
+ Linux has several firewall APIs - iptables, ip6tables, arptables
+ and ebtables
+
+ -
+ All require a specific kernel module for each type of match
+ and each possible action
+
+ -
+ Userland could only use the four protocol-specific APIs,
+ although the internal netfilter API is more flexible
+
+ -
+ nftables exposes more of this flexibility, allowing userland
+ to provide firewall code for a specialised VM (similar to BPF)
+
+ -
+ nftables userland tool uses this API and is already packaged
+
+ -
+ Eventually, the old APIs will be removed and the old userland
+ tools must be ported to use nftables
+
+
+
+
Questions?