<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>It's been on my todo list for a little bit. I do know what you mean, though. I was just getting happy that I no longer need to consult the iptables man pages with uncommon usages anymore. :)</div><div><br></div><div>However, as with so many other things in the forward march of time, it will be better to know. One tool with a very small, generic, and secure implementation in the kernel, instead of tens of thousands of duplicated lines of code which can be controlled using a command line utility or netlink socket, and relies an your knowledge of little more than the requirements expressed as packet processing instructions.</div><div><br></div><div>For example, if you want to prohibit all (unencapsulated) IPv4 traffic, you just drop packets that show a version 4 IP header. No more custom kernel modules going up to layer 7, and no more upgrading the kernel to upgrade the firewall capabilities. <br><br>Sent from my iPad</div><div><br>On Jan 20, 2015, at 2:22 PM, James Sumners <<a href="mailto:james.sumners@gmail.com">james.sumners@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 20, 2015 at 2:06 PM, Michael Trausch <span dir="ltr"><<a href="mailto:mike@trausch.us" target="_blank">mike@trausch.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Just a reminder that it is time to learn the new packet filter: nftables replaces iptables, ip6tables, ebtables, etc and works with the whole stack and is more efficient. (I myself need to spend a few days working with it.)</blockquote></div><br>Oh wtf? This is the last thing I needed.<br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>James Sumners<br><a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)</div><div><a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)</div><div><a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (band page)</div></div></div></div></div>
</div></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Ale mailing list</span><br><span><a href="mailto:Ale@ale.org">Ale@ale.org</a></span><br><span><a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a></span><br><span>See JOBS, ANNOUNCE and SCHOOLS lists at</span><br><span><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a></span><br></div></blockquote></body></html>