comments on nftables in README? #64
Comments
Sorry, forgot the low-hanging fruit. Maybe at a minimum there should be a brief comment about this in the README?
Keep in mind that vpn-slice uses A rewrite to use nftables for this case should be pretty trivial. PRs welcome!
My, that is self-contained. If there's a corresponding set of command-line arguments to an nftables utility, that would be pretty easy. The hard part would be ... well, maybe adding a command-line flag on the script to indicate which version to use? Keep in mind that I'm a PL person, I know next to nothing about networking.
It should be easy to autodetect whether nftables or iptables should be used, based on the presence/absence of the nftables binaries. (I have no idea what PL stands for.)
dlenski, any update for this enhancement? I am using an nftables firewall rather than iptables, so looking forward to a version which supports nftables.
Nope. I don't use
I'm in the process of setting up split-tunneling on a Debian 10 machine, and I'm ... concerned? ... about a possible conflict between iptables and nftables. Specifically, I've set up a firewall using a dead simple nftables config file, and I'm worried that installing iptables utilities and unleashing split-vpn will... mess things up.
... okay, much internet-reading later ...
It looks like there are compatibility layers in place for iptables over nftables -- in Debian 10, it looks like this is what you get in the package iptables -- but I'm definitely getting the feeling that going forward, the thing "to do" (so yes I guess this is really just a feature/enhancement request) is to rewrite to target nftables directly. Um... and then support both nftables and iptables for legacy systems. Ha! Ha! Software maintenance is fun!
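The autodetection suggested in this thread, as an added example that is not part of the original discussion and not vpn-slice's code: it checks for the `nft` binary and also reads the `iptables --version` banner, since iptables 1.8 and later report whether they run on the nf_tables compatibility layer or the legacy backend. The function names and the preference order are assumptions made for illustration.

```python
import re
import shutil
import subprocess

# iptables >= 1.8 appends its backend to the version banner, e.g.
# "iptables v1.8.2 (nf_tables)" or "iptables v1.8.2 (legacy)".
_BANNER = re.compile(
    r"^iptables v\d+(?:\.\d+)*(?:\s+\((nf_tables|legacy)\))?", re.M)


def iptables_variant(banner):
    """Classify `iptables --version` output: 'nf_tables', 'legacy' or None."""
    m = _BANNER.search(banner or "")
    if not m:
        return None
    # Releases before 1.8 print no suffix and only have the legacy backend.
    return m.group(1) or "legacy"


def _iptables_banner(path):
    """Run the real binary; any failure is treated as 'no banner'."""
    try:
        return subprocess.run([path, "--version"], capture_output=True,
                              text=True, timeout=5).stdout
    except (OSError, subprocess.SubprocessError):
        return ""


def choose_backend(which=shutil.which, banner_of=_iptables_banner):
    """Return (backend, reason); backend is 'nft', 'iptables' or None.

    Hypothetical policy: prefer native nft, otherwise fall back to
    whichever iptables is installed. Lookups are injectable for testing.
    """
    nft, ipt = which("nft"), which("iptables")
    variant = iptables_variant(banner_of(ipt)) if ipt else None
    if nft and variant == "legacy":
        # Legacy iptables rules live outside the nftables ruleset, so an
        # nftables-only firewall would not see them: flag the mix.
        return "nft", "nft present; legacy iptables also installed"
    if nft:
        return "nft", "nft binary present"
    if variant == "nf_tables":
        return "iptables", "iptables is the nf_tables compatibility layer"
    if variant == "legacy":
        return "iptables", "legacy iptables only"
    return None, "no usable firewall utility found"
```
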