Re: Nftables in jessie?

To: Debian Development <debian-devel@lists.debian.org>
Subject: Re: Nftables in jessie?
From: Frank Bauer <frank.c.bauer@gmail.com>
Date: Sun, 25 May 2014 14:15:09 +0200
Message-id: <[🔎] CAPds5_KGC1FM-NnYN_Kt=AzoJX=PEXWuLyc5Rn5RLnoqm_rt6A@mail.gmail.com>
In-reply-to: <[🔎] CAOkSjBir+ZDhmOWPE2L7ApOFsduUT1exJyx1734SHDTSMcwWMg@mail.gmail.com>
References: <[🔎] CAPds5_LRNTHqC=s7TQCwNrwboo_nhCtiHmn6CbSrBzsz6=xpHA@mail.gmail.com> <[🔎] CAOkSjBir+ZDhmOWPE2L7ApOFsduUT1exJyx1734SHDTSMcwWMg@mail.gmail.com>

On Wed, May 14, 2014 at 4:06 PM, Arturo Borrero Gonzalez
<arturo.borrero.glez@gmail.com> wrote:
>
> Just to let you know: nftables is now on Debian [0].
>
> Comments are welcome :)

nftables migrated to jessie today, so I gave it a try and so far so good.
As I use rather simple iptables config, converting it to the nftables
was a piece of cake with the added benefit of being more compact and
IMHO more readable than before.

For debugging purposes (log action) I was puzzled about not seeing any
logged packets in syslog.
Fortunately https://home.regit.org/2014/02/nftables-and-netfilter-logging-framework/
helped.
There should be some simple guide in the manpage or README.Debian
regarding the extra setup of the logging subsystem.

As there are some config examples in /etc/nftables, I would appreciate
to have subdirectories conf-available and conf-enabled (like Lighttpd
or Apache) and a systemd unit to load these at boot time.

Cheers,
Frank

Reply to:

Follow-Ups:
- Re: Nftables in jessie?
  - From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>

References:
- Nftables in jessie?
  - From: Frank Bauer <frank.c.bauer@gmail.com>
- Re: Nftables in jessie?
  - From: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>

Prev by Date: Bug#748556: #748556 general: Power Off does not work
Next by Date: Re: Nftables in jessie?
Previous by thread: Re: Nftables in jessie?
Next by thread: Re: Nftables in jessie?
Index(es):
- Date
- Thread