Nftables 1.0.0 Released

52 points by porjo, more than 3 years ago

5 comments

gerdesj, more than 3 years ago
Yay.

I learned ipfw. Then ipchains. Then iptables. I got quite good with handcrafting firewalls with all of those at some point. The machines they ran on (for me) range from 80486 to date.

This laptop has a ... (fumbles with various commands and searches) ...

    $ sudo nft list rules

firewalld and its GUI generates a nftables based firewall.

I generally use ufw on servers because it is easy for a simple host based firewall and that is iptables based still. A server host based firewall is generally all about ingress filtering. Egress can be covered more effectively at the edge and at switches/internal routers.

My laptop needs a far more complicated setup and the ruleset that is dumped by nft is almost legible in the first read. I do use a GUI but it's nice to think that I can sit down and spend some time and decide whether my stated policy is what I get at the firewall itself.

I don't yet use nft at the edge but it feels as though it might do nicely.

Your firewalling choice is not something that happens overnight. I'll mull over it for at least two more years.
phoronixrly, more than 3 years ago
Just going to put this here to save some clicks for people thinking nftables may have anything to do with NFTs:

> nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames
kkirsche, more than 3 years ago
This is huge. The hash based approach makes speed improvements over complex iptables usage very impressive, in its most common implementations
nsajko, more than 3 years ago
Is there still a chance of an eBPF based effort (bpfilter) making nftables unnecessary in the near future?
betaby, more than 3 years ago
Are there plans to move k8s to nft? Seems like more flexible back-end compared to iptables.