Arturo Borrero, moqapi Debian, karolo ea projeke ea Netfilter Coreteam le mohlokomeli ho Debian liphutheloana tse amanang le li-nftables, li-iptables le netfilter, fetolela tokollo e kholo e latelang ea kabo Debian 11 ho sebelisa li-nftables ka boiketsetso. Haeba tlhahiso e amoheloa, liphutheloana tse nang le li-iptables li tla fetisetsoa kabong ea boikhethelo, e seng ea mantlha.
Filter ea pakete ea Nftables e hlokomeleha ka ho kopana ha eona ha li-interface tsa ho sefa lipakete bakeng sa IPv4, IPv6, ARP le marokho a marang-rang. Nftables e fana feela ka sebopeho se ikemetseng, se ikemetseng sa protocol boemong ba kernel se fanang ka mesebetsi ea mantlha bakeng sa ho ntša data ho lipakete, ho etsa ts'ebetso ea data, le taolo ea phallo. Mokhoa oa ho sefa ka boeona le li-protocol-specific handlers li hlophisitsoe ka bytecode sebakeng sa mosebedisi, ka mor'a moo bytecode ena e kenngoa ka har'a kernel e sebelisa sebopeho sa Netlink ebe e etsoa ka mochine o khethehileng o hopotsang BPF (Berkeley Packet Filters).
Ka boiketsetso ho Debian 11 e boetse e fana ka maikutlo a ho sebelisa firewall e matla ea firewalld, e kenngoeng tšebetsong e le sephutheloana holim'a li-nftables. Firewalld e sebetsa e le ts'ebetso ea semelo, e lumellang phetoho ea melao ea sefe ea lipakete e matla ka DBus, ntle le ho kenya melao ea sefe ea lipakete hape kapa ho sitisa likhokahano tse thehiloeng. Sesebelisoa sa firewall-cmd se sebelisetsoa ho laola firewall, e sa itšetleheng ka Liaterese tsa IP, li-interface tsa marang-rang le linomoro tsa koung, empa ho tsoa mabitsong a lits'ebeletso (mohlala, ho bula phihlello ho SSH, o hloka ho tsamaisa "firewall-cmd —add —service=ssh", ho koala SSH — "firewall-cmd —remove —service=ssh").
Source: opennet.ru
