What is the relationship or difference among iptables, xtables, iptables-nft, xtables-nft, nf_tables, nftables
I have been reading for a while now.
What I understood is:
nftables is the modern Linux kernel packet classification framework. nftables is the successor to iptables. It replaces the existing iptables, ip6tables, arptables, and ebtables framework.
x_tables is the name of the kernel module carrying the shared code portion used by iptables, ip6tables, arptables and ebtables thus, Xtables is more or less used to refer to the entire firewall (v4, v6, arp, and eb) architecture. As a system admin, I should not worry about xtables / x_tables (some people use the underscore, so not sure whether xtables is same as x_tables or not) which is actually some code in the kernel.
nftables uses nf_tables, where nf_tables is the name of the kernel module. As a system admin, I should not worry about nf_tables which is actually some code in the kernel.
iptables-nft is something that looks like iptables but acts like nftables. Its whole purpose is to migrate from iptables to nftables.
iptables-nft uses xtables-nft, where xtables-nft is the name of the kernel module. As a system admin, I should not worry about xtables-nft.
Please let my know whether the above statements are right or wrong. If wrong then please give me the correct statement.
Last edited by blueray; 01-25-2022 at 07:51 AM.
|