Re: iptables to nftables?

To: debian-user@lists.debian.org
Subject: Re: iptables to nftables?
From: Michel Verdier <mv524@free.fr>
Date: Tue, 06 Aug 2024 21:10:08 +0200
Message-id: <[🔎] 87h6bx3231.fsf@free.fr>
In-reply-to: <[🔎] 20240806141301.bzix33to5l5mwp3h@randomstring.org> (Dan Ritter's message of "Tue, 6 Aug 2024 10:13:01 -0400")
References: <[🔎] 0d152191d370c163b2974910ac73202611d872d8@mxcloud.eu.org> <[🔎] 20240806141301.bzix33to5l5mwp3h@randomstring.org>

On 2024-08-06, Dan Ritter wrote:

> 200 is a lot for a human to manage. You may be able to simplify your
> iptables rules by taking advantage of ipset for large numbers of
> IPs (hash:ip) or ports (bitmap:port) that need similar
> treatment.  That's available in nftables as well.

And udp/tcp ipv4/ipv6 can be mixed in some rules.
But check also if your other programs can use nftables.

Reply to:

References:
- iptables to nftables?
  - From: "Wesley" <wesley@mxcloud.eu.org>
- Re: iptables to nftables?
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: nouveau OK for GTX 970?
Next by Date: Bug in the bus
Previous by thread: Re: iptables to nftables?
Next by thread: nouveau OK for GTX 970?
Index(es):
- Date
- Thread