nftables notes

author Ian Kelling <iank@fsf.org>

Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)

committer Ian Kelling <iank@fsf.org>

Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)
author Ian Kelling <iank@fsf.org>
Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)
committer Ian Kelling <iank@fsf.org>
Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)
diff --git a/work.org b/work.org

index 8e10b3c20f6983628005c5abcbae6d3dd3de99fc..abea832031e5bc333e064c2c25d8e311b8562613 100644 (file)
--- a/work.org
+++ b/work.org
@@ -1140,3 +1140,14 @@ EOF
  wget -m ftp://lists.gnu.org/info-gnu
  cd lists.gnu.org/info-gnu
  sed -rn '/^From: /{s/.*@([^> ]*).*/\1/' * | sort -u | while -read -r l; do host -t txt _dmarc.$l; done
+
+* nftables
+
+New librecmc uses this.
+
+iptables-nft command uses the newer nftables kernel API but reuses the
+legacy packet-matching code
+
+iptables -S = nft list ruleset
+
+iptables-translate does translation of iptables arguments (but not -S).
author	Ian Kelling <iank@fsf.org>
	Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)
committer	Ian Kelling <iank@fsf.org>
	Sat, 27 Apr 2024 19:47:37 +0000 (15:47 -0400)