</ul>
</div>
+<div class="slide">
+ <h1>nftables [3.13]</h1>
+ <ul class="incremental">
+ <li>
+ Linux has several firewall APIs - iptables, ip6tables, arptables
+ and ebtables
+ </li>
+ <li>
+ All require a specific kernel module for each type of match
+ and each possible action
+ </li>
+ <li>
+ Userland could only use the four protocol-specific APIs,
+ although the internal netfilter API is more flexible
+ </li>
+ <li>
+ nftables exposes more of this flexibility, allowing userland
+ to provide firewall code for a specialised VM (similar to BPF)
+ </li>
+ <li>
+ nftables userland tool uses this API and is already packaged
+ </li>
+ <li>
+ Eventually, the old APIs will be removed and the old userland
+ tools must be ported to use nftables
+ </li>
+ </ul>
+</div>
+
<div class="slide">
<h1>Questions?</h1>
</div>
projects / kernel-news-talk.git / blobdiff