Arturo Borrero, mugadziri weDebian uyo ari chikamu cheNetfilter Project Coreteam uye muchengeti wemapakeji ane chekuita nenftables, iptables uye netfilter paDebian, fambisa kuburitswa kukuru kunotevera kweDebian 11 kushandisa nftables nekukasira. Kana chikumbiro ichi chikabvumidzwa, mapakeji ane iptables anozoendeswa kune chikamu chesarudzo sarudzo dzisingabatanidzwe mune yekutanga package.
Iyo Nftables packet filter inocherechedzwa nekubatana kwayo kwepaketi kusefa nzvimbo dzeIPv4, IPv6, ARP uye network mabhiriji. Nftables inopa chete generic, protocol-yakazvimirira interface pane kernel level inopa mabasa ekutanga ekubvisa data kubva pamapakiti, kuita data mashandiro, uye kuyerera kuyerera. Iyo yekusefa logic pachayo uye maprotocol-chaiwo mabati anounganidzwa mubytecode munzvimbo yemushandisi, mushure meizvozvo iyi bytecode inoiswa mukernel uchishandisa iyo Netlink interface uye inouraiwa mune yakakosha muchina unoyeuchidza BPF (Berkeley Packet Filters).
Nekumisikidza, Debian 11 inopawo ine simba firewall firewalld, yakagadzirwa seyakaputira pamusoro pe nftables. Firewalld inomhanya seyekumashure maitiro ayo inokutendera iwe kuti uchinje zvine simba mitemo yepakiti yefirita kuburikidza neDBus pasina kurodha zvakare iyo packet sefa yemitemo kana kutyora yakamiswa kubatana. Kugadzirisa firewall, iyo firewall-cmd inoshandiswa inoshandiswa, iyo, pakugadzira mitemo, haibvi pa IP kero, network interfaces uye nhamba dzechiteshi, asi pamazita emasevhisi (semuenzaniso, kuvhura mukana weSSH unofanirwa mhanya "firewall-cmd -add -service= ssh", kuvhara SSH - "firewall-cmd -remove -service=ssh").
Source: opennet.ru