Adoption: Difference between revisions
(→others: add IPR link) |
(Homogenize links) |
Line 13: | Line 13: | ||
* http://www.fail2ban.org/ -- the fail2ban tool already includes native support for nftables. | * http://www.fail2ban.org/ -- the fail2ban tool already includes native support for nftables. | ||
* http://www.firewalld.org/ -- firewalld by RedHat is currently developing a native integration with nftables. | * http://www.firewalld.org/ -- firewalld by RedHat is currently developing a native integration with nftables. | ||
* https://suricata-ids.org/ -- suricata can work natively with nftables [https://home.regit.org/2014/02/suricata-and-nftables/ | * https://suricata-ids.org/ -- suricata can work natively with nftables ([https://home.regit.org/2014/02/suricata-and-nftables/ link]) | ||
== virtualization / cloud / infrastructure == | == virtualization / cloud / infrastructure == | ||
* https://github.com/zevenet/nftlb -- nftlb by Zevenet is a nftables-based loadbalancer which can outperform LVS by 10x | * https://github.com/zevenet/nftlb -- nftlb by Zevenet is a nftables-based loadbalancer which can outperform LVS by 10x | ||
* https://www.docker.com/ -- Some discussion happened in the Docker community regarding a native integration with nftables, which could ease some of their use cases [https://github.com/moby/moby/issues/26824 | * https://www.docker.com/ -- Some discussion happened in the Docker community regarding a native integration with nftables, which could ease some of their use cases ([https://github.com/moby/moby/issues/26824 link]) ([https://github.com/robbertkl/docker-ipv6nat/issues/17 link]) | ||
* https://kubernetes.io/ -- Kubernetes does not support nftables yes, but some discussion happened already [https://github.com/kubernetes/kubernetes/issues/45385 | * https://kubernetes.io/ -- Kubernetes does not support nftables yes, but some discussion happened already ([https://github.com/kubernetes/kubernetes/issues/45385 link]). Compat tools may be used to trick kubernetes into using nftables transparently. | ||
* http://openstack.org/ -- Openstack does not support nftables yet. Compat tools may be used to trick neutron and other components into using nftables transparently. | * http://openstack.org/ -- Openstack does not support nftables yet. Compat tools may be used to trick neutron and other components into using nftables transparently. | ||
* https://libvirt.org/ -- there are reports of people running libvirt with nftables for bridge filtering for virtual machines | * https://libvirt.org/ -- there are reports of people running libvirt with nftables for bridge filtering for virtual machines | ||
* https://saltstack.com/ -- SaltStack includes native support for nftables [https://docs.saltstack.com/en/latest/ref/states/all/salt.states.nftables.html | * https://saltstack.com/ -- SaltStack includes native support for nftables ([https://docs.saltstack.com/en/latest/ref/states/all/salt.states.nftables.html link]). | ||
== others == | == others == | ||
* https://openwrt.org/ -- there are reports of people running nftables rather than iptables in openwrt systems | * https://openwrt.org/ -- there are reports of people running nftables rather than iptables in openwrt systems | ||
* https://www.cica.es/ -- this regional [https://en.wikipedia.org/wiki/National_research_and_education_network NREN] uses nftables in the datacenter for their perimetral firewalls [http://workshop.netfilter.org/2017/wiki/index.php/Developer_days.html#nftables_at_CICA.2C_our_experience | * https://www.cica.es/ -- this regional [https://en.wikipedia.org/wiki/National_research_and_education_network NREN] uses nftables in the datacenter for their perimetral firewalls ([http://workshop.netfilter.org/2017/wiki/index.php/Developer_days.html#nftables_at_CICA.2C_our_experience slides]) | ||
* [[Nftables from distributions]] -- all major Linux distribution already include nftables ready to use | * [[Nftables from distributions]] -- all major Linux distribution already include nftables ready to use | ||
* https://www.nano-editor.org/ -- The nano editor includes syntax highlighting for nftables in files with .nft name extension or nft shebang | * https://www.nano-editor.org/ -- The nano editor includes syntax highlighting for nftables in files with .nft name extension or nft shebang |
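Review bot: the Kubernetes entry still reads "does not support nftables yes" on both sides of this change; since the revision already rewrites that line to wrap the issue link, change "yes" to "yet", matching the OpenStack entry below it. The new link labels are also all the bare word "link" (two in a row on the Docker entry), which gives the reader no idea where each one goes; a label naming the target, as the CICA entry does with "slides", would be clearer.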
Revision as of 13:50, 3 April 2018
This page sheds some light on current nftables adoption in the wider community and collects the data we have about it. As you probably know, the Netfilter project and community are focused on replacing the iptables framework with nftables, adding brand new features and refreshing some workflows along the way.
Lots of upstream projects use iptables to handle NAT, filtering, mangling or other networking tasks. Here is what we know about them, their relationship with nftables, and their options for migrating to nftables.
Cases
Known cases and examples we have heard of. TODO: extend with more current data.
system / firewalling / management
- http://www.fail2ban.org/ -- the fail2ban tool already includes native support for nftables.
- http://www.firewalld.org/ -- firewalld by Red Hat is currently developing a native integration with nftables.
- https://suricata-ids.org/ -- suricata can work natively with nftables (link)
virtualization / cloud / infrastructure
- https://github.com/zevenet/nftlb -- nftlb by Zevenet is an nftables-based load balancer which can outperform LVS by 10x
- https://www.docker.com/ -- Some discussion happened in the Docker community regarding a native integration with nftables, which could ease some of their use cases (link) (link)
- https://kubernetes.io/ -- Kubernetes does not support nftables yet, but some discussion has already happened (link). Compat tools may be used to trick Kubernetes into using nftables transparently.
- http://openstack.org/ -- OpenStack does not support nftables yet. Compat tools may be used to trick neutron and other components into using nftables transparently.
- https://libvirt.org/ -- there are reports of people running libvirt with nftables for bridge filtering for virtual machines
- https://saltstack.com/ -- SaltStack includes native support for nftables (link).
others
- https://openwrt.org/ -- there are reports of people running nftables rather than iptables in openwrt systems
- https://www.cica.es/ -- this regional NREN uses nftables in the datacenter for their perimeter firewalls (slides)
- Nftables from distributions -- all major Linux distributions already include nftables ready to use
- https://www.nano-editor.org/ -- The nano editor includes syntax highlighting for nftables in files with .nft name extension or nft shebang
- Institut de Physique de Rennes -- this French research entity seems to be using nftables with ansible (link)