feat req: nftables support #136
Thank you for your suggestion regarding adding nftables support to cproxy. I’d like to highlight that most modern systems include an iptables compatibility layer that allows the Additionally, because cproxy operates using specific cgroups, it is designed not to interfere with existing firewall rules in practice. However, if you encounter any issues where cproxy does interfere with other rules, please feel free to file a bug report so we can investigate and address the problem accordingly.
xtables is the file that {ip,ip6,arp,eb}tables point to. Since the article seems to interpret xtables as another netfilter frontend or other tool, I will explain it here.
One problem I often run into with xtables is that rules are erased by other applications, rather than affecting them. This problem often occurs when the firewall application (such as firewalld, ufw, etc.) is restarted or reloaded, causing the xtables rules to be refreshed.
There are now many tools that have gradually shifted from xtables to nftables. For example, when NetworkManager creates network sharing, it prefers to use nft to create a rule table it controls and write the corresponding rules. Even cgproxy, which has had almost no maintenance in recent years, has achieved nft support.
One of the major advantages of nftables over xtables is that every tool that needs to set up flow filtration can have its own table. Don't worry about breaking other things.
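The per-tool table idea raised in this issue, sketched as an nftables ruleset file. This is an added example, not part of the issue and not cproxy's own code; the table name `cproxy_example`, the cgroup path `cproxy_example` and port 1080 are assumptions chosen for illustration.

```nftables
# Load with: nft -f cproxy_example.nft
# Assumptions (not from the cproxy project): table name, cgroup path, port.

# Idempotent reload of ONLY this tool's table. Declaring the table first
# makes the delete succeed even on first load. Unlike `flush ruleset`,
# this leaves every other table (firewalld, NetworkManager, ...) intact.
table inet cproxy_example
delete table inet cproxy_example

table inet cproxy_example {
    chain output {
        # NAT chain on locally generated traffic; policy accept means
        # packets that match nothing here are not affected by this table.
        type nat hook output priority -100; policy accept;

        # Match only sockets owned by processes in the given cgroup v2
        # directory (relative to the cgroup2 mount; it must exist when the
        # rule is loaded) and redirect their TCP connections to a local
        # proxy port.
        socket cgroupv2 level 1 "cproxy_example" meta l4proto tcp redirect to :1080
    }
}

# Teardown is a single scoped command:
#   nft delete table inet cproxy_example
```

Because the rules live in their own table, `nft list table inet cproxy_example` shows exactly what the tool installed, and other tools that manage only their own tables do not touch it on reload.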