
I'm trying to secure my home network with OpenWRT routers. In this context I started to customize my iptables rules to my needs and found some iptables concepts hard to understand.

I've discovered that nftables is the NEXT big change in firewall software for Linux-based systems (as of ~3.18), replacing iptables, which is hard to use or inefficient. More recently, I've learnt bpfilter is being merged into Linux 4.18 and it is a "Better Firewall / Packet Filtering" also meant to replace iptables.

Now, I'm quite confused: could you give me a one sentence description of each technology, nftables/netfilter vs bpfilter? Are they both trying to solve the same problem / do they overlap? Is there any relationship between the two? I am looking for a short description of each to understand when to use one or the other.

Rui F Ribeiro
BogdanBiv
  • [Is there any tooling for bpfilter allowing to configure a firewall?](https://stackoverflow.com/questions/54357292/is-there-any-tooling-for-bpfilter-allowing-to-configure-a-firewall/54363894#54363894). Well, the main difference as of today (or a few months ago) is it's really hard to try and use bpfilter, and for now it would just translate iptables features rather than being a full-fledged tool. So the question becomes for now: "What is the difference between nftables and iptables?" – A.B Dec 07 '19 at 15:42
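As an added example (not from the question or the comment above), the following Python translator turns a few common iptables rules into the equivalent `nft add rule` syntax, which makes the difference between the two rule languages concrete and mirrors the kind of iptables-to-native translation the comment describes. The supported option subset, the `filter` table name and the built-in chain mapping are assumptions made for the example.

```python
import shlex

# Assumed mapping of iptables built-in chains and targets to nft names.
CHAIN_MAP = {"INPUT": "input", "OUTPUT": "output", "FORWARD": "forward"}
TARGET_MAP = {"ACCEPT": "accept", "DROP": "drop", "REJECT": "reject"}


def iptables_to_nft(rule: str, table: str = "filter") -> str:
    """Translate one 'iptables -A CHAIN ...' command into an 'nft add rule' command.

    Only -p, --dport/--sport, -s, -d, -i, -m conntrack/state and -j are handled;
    anything else raises ValueError so nothing is silently dropped.
    """
    argv = shlex.split(rule)
    if argv[:2] != ["iptables", "-A"] or len(argv) < 3:
        raise ValueError("only 'iptables -A CHAIN ...' is supported")
    chain = CHAIN_MAP[argv[2]]  # user-defined chains are deliberately not handled
    args = iter(argv[3:])
    matches, proto, proto_used, target = [], None, False, None
    for opt in args:
        if opt == "-p":
            proto = next(args)  # nft writes port matches as '<proto> dport N'
        elif opt in ("--dport", "--sport"):
            if proto not in ("tcp", "udp"):
                raise ValueError(f"{opt} needs -p tcp or -p udp")
            matches.append(f"{proto} {opt[2:]} {next(args)}")
            proto_used = True
        elif opt == "-s":
            matches.append(f"ip saddr {next(args)}")
        elif opt == "-d":
            matches.append(f"ip daddr {next(args)}")
        elif opt == "-i":
            matches.append(f'iifname "{next(args)}"')
        elif opt == "-m":
            module, flag = next(args), next(args)
            if module not in ("conntrack", "state") or flag not in ("--ctstate", "--state"):
                raise ValueError(f"match module {module!r} not supported")
            matches.append(f"ct state {next(args).lower()}")
        elif opt == "-j":
            target = TARGET_MAP[next(args)]
        else:
            raise ValueError(f"option {opt!r} not supported")
    if target is None:
        raise ValueError("rule has no -j target")
    if proto and not proto_used:  # bare '-p icmp' becomes an explicit protocol match
        matches.insert(0, f"ip protocol {proto}")
    return " ".join(["nft add rule ip", table, chain, *matches, target])


if __name__ == "__main__":
    for r in ["iptables -A INPUT -i lo -j ACCEPT",
              "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
              "iptables -A INPUT -p tcp --dport 22 -j ACCEPT"]:
        print(iptables_to_nft(r))
```

The translator refuses rules it cannot express rather than guessing, which is the same trade-off a real iptables-compatibility layer has to make.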
