ufw

Feasability of a nftables port

Bug #1880453 reported by Hensig on 2020-05-25

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	ufw	Triaged	Wishlist	Unassigned

Bug Description

Is it possible this application can be ported, or otherwise add support, for nftables? It might be able to take advantage of inet to reduce ruleset complexity where doubles are typically needed for ip and ip6.

Tags:

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2020-05-26:

Please note that ufw today can use the iptables-nft backend (and does on, for example, Debian testing/sid today). This doesn't address your comment about ruleset complexity of course but does mean that if your system is using the nft iptables wrappers, it is compatible with other software on the system using nftables.

ufw is written with the concept of backends and it would be possible to port backend_iptables.py to a new backend_nftables.py. This is doable and planned in the medium to long term. I suspect there would be a need for some cleanups (especially in the testsuite) for this to be a reality though since there has only ever been one ufw backend.

Changed in ufw:
status:	New → Triaged
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.