Arturo Borrero, wopanga Debian yemwe ali gawo la Netfilter Project Coreteam komanso wosamalira mapaketi okhudzana ndi nftables, iptables ndi netfilter pa Debian, sunthani kutulutsidwa kwakukulu kotsatira kwa Debian 11 kuti mugwiritse ntchito nftables mwachisawawa. Ngati pempholi likuvomerezedwa, mapepala okhala ndi iptables adzatumizidwa ku gulu la zosankha zomwe sizikuphatikizidwa mu phukusi lofunikira.
Fyuluta ya paketi ya Nftables ndiyodziwikiratu chifukwa chophatikiza zosefera paketi za IPv4, IPv6, ARP ndi milatho yama network. Nftables imapereka mawonekedwe a generic okha, odziyimira pawokha pa protocol pamlingo wa kernel womwe umapereka ntchito zoyambira zochotsa deta m'mapaketi, kuchita ma data, ndikuwongolera kuthamanga. Zosefera zokhazokha komanso zogwirira ntchito zapadera zimaphatikizidwa mu bytecode mu malo ogwiritsira ntchito, pambuyo pake bytecode iyi imayikidwa mu kernel pogwiritsa ntchito mawonekedwe a Netlink ndikuchitidwa mu makina apadera okumbukira BPF (Berkeley Packet Filters).
Mwachikhazikitso, Debian 11 imaperekanso ma firewall firewall, opangidwa ngati chomangira pamwamba pa nftables. Firewalld imayenda ngati njira yakumbuyo yomwe imakupatsani mwayi wosintha malamulo osefera paketi kudzera pa DBus osafunikiranso kutsitsanso malamulo osefera paketi kapena kuswa kulumikizana kokhazikika. Kuwongolera firewall, firewall-cmd utility imagwiritsidwa ntchito, yomwe, popanga malamulo, sizichokera pa ma adilesi a IP, ma network olumikizirana ndi manambala a doko, koma pa mayina a mautumiki (mwachitsanzo, kuti mutsegule mwayi wa SSH muyenera thamangani "firewall-cmd -add -service= ssh", kutseka SSH - "firewall-cmd -remove -service=ssh").
Source: opennet.ru