Why is the kernel community replacing iptables with BPF?

An interesting introduction to how Linux currently does packet filtering and how changing to BPF will improve performance.<p>The really amusing thing to me (an OpenBSD user) was the omission of any discussion of the origin of BPF, or even spelling out the acronym (it&#x27;s the Berkeley Packet Filter).<p>Those GPL guys really really hate acknowledging anything to do with Berkeley! :) Even though in this case it&#x27;s not directly the University of California, Berkeley but instead the origin of BPF is the Lawrence Berkeley Laboratory.

I posted this on a similar current HN thread about BPF, but also relevant here. See Poettering&#x27;s blog for how you can do very cool access control things via systemd taking advantage of EBPF:<p><a href="http:&#x2F;&#x2F;0pointer.net&#x2F;blog&#x2F;ip-accounting-and-access-lists-with-systemd.html" rel="nofollow">http:&#x2F;&#x2F;0pointer.net&#x2F;blog&#x2F;ip-accounting-and-access-lists-with...</a>

So what about the elephant in the room, nftables? Are they basically dead in the water now?