@feld
OK. I don't know IPFW. I use PF on FreeBSD and OpenBSD. I love the syntax of PF. It's so much better than Netfilter.
@kravietz

@qdemouliere @feld

iptables is totally screwed up, but have you tried nftables?

I've converted all my Linux servers to nftables specifically due to its syntax similarity to BSD

@kravietz @qdemouliere @feld

May I ask you to expand on the similarity between nftables and pf?
@loweel @kravietz @feld I quickly read the documentation about nftables, but I know iptables better. And since I tried PF, I lost interest in Netfilter.
@qdemouliere @feld @kravietz

I understand that. I was just curious about how nftables was "similar to BSD pf".....I am not arguing, I just ask....

Perhaps the good of iptables was the one-liner capability (in some cases), while it looks like this is somehow limited in nftables...

@loweel @feld @qdemouliere

No, you can do both in nftables. Either command-line one-liners:

`nft add element inet main ossec4 { 10.10.10.10, 10.10.10.20 }`

Or the same in config file format which is more suitable for atomic loads.

@loweel @feld @qdemouliere

The main one: rather than a series of rather ugly command-line `iptables -A` calls, `nftables` is quite an elegant language.

@kravietz @feld @qdemouliere

This has a little to do with pf, honestly. I am a happy user of pf, and being honest I can't see how nftables is similar...