Debian 11 offers nftables and firewalld by default

Arturo Borrero, a Debian developer who is a member of the Netfilter Project Coreteam and maintains the packages related to nftables, iptables and netfilter in Debian, has proposed that the next major release, Debian 11, switch to using nftables by default. If the proposal is accepted, the iptables packages will be moved to the category of optional choices that are not included in the base package set.

The nftables packet filter is notable for unifying the packet filtering interfaces for IPv4, IPv6, ARP and network bridges. Nftables provides a generic, protocol-independent interface at the kernel level that offers basic functions for extracting data from packets, performing operations on data, and flow control. The filtering logic itself and the protocol-specific handlers are compiled into bytecode in user space, after which this bytecode is loaded into the kernel through the Netlink interface and executed in a special virtual machine reminiscent of BPF (Berkeley Packet Filters).

By default, Debian 11 also offers the dynamic firewall firewalld, designed as a wrapper on top of nftables. Firewalld runs as a background process that lets you change packet filter rules dynamically over DBus without reloading the packet filter rules or breaking established connections. The firewall is managed with the firewall-cmd utility, which, when creating rules, is based not on IP addresses, network interfaces and port numbers but on the names of services (for example, to open access to SSH you need to run "firewall-cmd --add-service=ssh", and to close SSH, "firewall-cmd --remove-service=ssh").
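How a service name can stand in for port numbers, and how one nftables rule in the inet family covers both IPv4 and IPv6, shown as an added example that is neither from the original article nor firewalld's own code or generated ruleset. The service definitions are constructed samples in firewalld's service-file XML layout, and the table and chain names `filter` and `input` are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed service definitions in the XML layout firewalld uses for its
# service files (sample data, not copied from a real system).
SERVICES = {
    "ssh": '<service><short>SSH</short><port protocol="tcp" port="22"/></service>',
    "vnc-server": '<service><short>VNC</short>'
                  '<port protocol="tcp" port="5900-5903"/></service>',
}

ALLOWED_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}
PORT_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def service_ports(xml_text):
    """Return validated (protocol, port-or-range) pairs from a service definition."""
    pairs = []
    for port in ET.fromstring(xml_text).findall("port"):
        proto, value = port.get("protocol", ""), port.get("port", "")
        match = PORT_RE.fullmatch(value)
        # Reject anything that is not a plain port or range, so a crafted
        # definition cannot smuggle extra tokens into the rendered rule.
        if proto not in ALLOWED_PROTOCOLS or not match:
            raise ValueError(f"rejected port entry: {proto!r} {value!r}")
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port out of range: {value!r}")
        pairs.append((proto, value))
    return pairs


def nft_rules(service, table="filter", chain="input"):
    """Render one inet-family rule per port; each covers IPv4 and IPv6 traffic."""
    if service not in SERVICES:
        raise KeyError(f"unknown service: {service}")
    return [
        f"add rule inet {table} {chain} {proto} dport {value} accept"
        for proto, value in service_ports(SERVICES[service])
    ]


if __name__ == "__main__":
    for name in SERVICES:
        print(name, "->", nft_rules(name))
```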

Source: opennet.ru
