You can find out which variant is in use by looking up the iptables version. The newer iptables-nft command provides a bridge to the nftables kernel API and infrastructure. ![]() nf_tables: Often referred to as iptables-nft.legacy: Often referred to as iptables-legacy.The two variants of the iptables command are: You can use either the nft command or a variant of the iptables command to access the kernel API. The kernel API is how user space programs the kernel. The most important nftables improvement, in the context of this article, is the kernel API. It presented an opportunity to learn from the mistakes made with iptables and improve on them. It lived a good, long life in Linux history, but it wasn't without pain points. In the beginning, there was only iptables. ![]() In this article, I attempt to clarify the relationship between the two variants of iptables and its successor program, nftables. The association between the two utilities is subtle, which has led to confusion among Linux users and developers. In Red Hat Enterprise Linux (RHEL) 8, the userspace utility program iptables has a close relationship to its successor, nftables.
0 Comments
Leave a Reply. |