Over the last few days I’ve been fighting with nftables.
nftables is the next-generation packet filtering component in kernel space. I’m not sure about the ‘next generation’ label, because there is already another packet filter infrastructure within the kernel, or even more than one. Anyhow, nft had replaced iptables as the default solution on one VM, and until recently I hadn’t heard of it.
On my mail server it is the default packet filtering solution, for some reason; I never really configured it. I went half crazy because I needed to open up an additional port and no iptables rules were present.
Here the first problem showed up: nftables does not have a good interface or command tool for telling you what is loaded. iptables offers a list option that shows you what was loaded and what wasn’t. nftables is rather unforgiving to user input that does not exactly follow its specification… bah.
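The question I actually wanted answered was "is this port already accepted, and by which rule?". As an added example (not part of this post), here is a small script that reads the JSON that `nft -j list ruleset` prints and reports, per input chain, which TCP/UDP destination ports hit an accept, drop or reject verdict. The embedded ruleset is a constructed sample in the libnftables JSON shape (one `inet filter` table with an `input` chain); on a real box you would pipe `nft -j list ruleset` into the script instead. The function names `port_verdicts` and `is_port_open` are my own.

```python
import json
import sys

# Constructed sample of `nft -j list ruleset` output (libnftables JSON schema).
# One inet table, an input chain with policy drop, rules accepting SSH and the
# mail ports, and one explicit drop. Not captured from any real server.
SAMPLE_RULESET_JSON = json.dumps({
    "nftables": [
        {"metainfo": {"version": "x.y.z", "release_name": "sample", "json_schema_version": 1}},
        {"table": {"family": "inet", "name": "filter", "handle": 1}},
        {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1,
                   "type": "filter", "hook": "input", "prio": 0, "policy": "drop"}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 2,
                  "expr": [{"match": {"op": "==", "left": {"ct": {"key": "state"}},
                                      "right": ["established", "related"]}},
                           {"accept": None}]}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 3,
                  "expr": [{"match": {"op": "==",
                                      "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                                      "right": 22}},
                           {"accept": None}]}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 4,
                  "expr": [{"match": {"op": "==",
                                      "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                                      "right": {"set": [25, 587, {"range": [993, 995]}]}}},
                           {"accept": None}]}},
        {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 5,
                  "expr": [{"match": {"op": "==",
                                      "left": {"payload": {"protocol": "tcp", "field": "dport"}},
                                      "right": 8080}},
                           {"drop": None}]}},
    ]
})


def _ports_from_right(right):
    """Expand the right-hand side of a dport match (int, set or range) into port numbers."""
    if isinstance(right, int):
        return {right}
    if isinstance(right, dict):
        if "set" in right:
            ports = set()
            for elem in right["set"]:
                ports |= _ports_from_right(elem)
            return ports
        if "range" in right:
            lo, hi = right["range"]
            return set(range(lo, hi + 1))
    return set()  # service names, variables and sets by name are not resolved here


def port_verdicts(ruleset_json):
    """Map (chain, protocol, port) -> verdict for rules in input-hook chains that
    match a destination port and end in accept/drop/reject. Rules are processed in
    order and the first verdict for a port wins, mirroring how nft evaluates them.
    Returns {} when nothing is loaded."""
    doc = json.loads(ruleset_json)
    objects = doc.get("nftables", [])
    input_chains = set()
    for obj in objects:
        chain = obj.get("chain")
        if chain and chain.get("hook") == "input":
            input_chains.add((chain["family"], chain["table"], chain["name"]))
    verdicts = {}
    for obj in objects:
        rule = obj.get("rule")
        if not rule or (rule["family"], rule["table"], rule["chain"]) not in input_chains:
            continue
        proto, ports, verdict = None, set(), None
        for expr in rule.get("expr", []):
            match = expr.get("match")
            if match:
                payload = match["left"].get("payload", {})
                if payload.get("field") == "dport" and match["op"] == "==":
                    proto = payload["protocol"]
                    ports = _ports_from_right(match["right"])
            for v in ("accept", "drop", "reject"):
                if v in expr:
                    verdict = v
        if proto and verdict:
            for p in ports:
                verdicts.setdefault((rule["chain"], proto, p), verdict)
    return verdicts


def is_port_open(ruleset_json, proto, port):
    """True when some input chain explicitly accepts proto/port."""
    return any(v == "accept" and chain_proto == proto and p == port
               for (chain, chain_proto, p), v in port_verdicts(ruleset_json).items())


if __name__ == "__main__":
    # Use piped `nft -j list ruleset` output when present, else the constructed sample.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RULESET_JSON
    for (chain, proto, port), verdict in sorted(port_verdicts(data).items()):
        print(f"{chain}: {proto}/{port} -> {verdict}")
```

Run it as `nft -j list ruleset | python3 nft_ports.py` (root needed for `nft`). An empty `{"nftables": []}` document, which is what you get on a host with nothing loaded, simply yields no lines, which is the "nothing is configured here" answer I was looking for in the first place.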
I’m going to follow this up with some details in a later post.