OpenVPN - iptables or nftables

Iptables has been around for a long time, but nftables seems to be picking up steam. I've noticed that newer distributions of Kubernetes images (AWS, etc.) no longer have the iptables kernel module baked into them. I run OpenVPN from a Kubernetes pod, and as the underlying host's kernel doesn't have the iptables kernel module baked into it, I'd have to do my own custom image.

I'm trying to debate whether I should make the leap now towards nftables or continue to stick with iptables. I'm finding, however, that most documentation (like the ones here on openvpn.net) doesn't make any reference to nftables, only iptables. I also find far fewer sites on the internet discussing nftables with OpenVPN.

Should I migrate to nftables or stick to what appears to be tried and true with OpenVPN, which is iptables?

What is the future of iptables?

What would/do you do?

It's pretty common for distributions to use a version of the `iptables` command that actually talks to `nftables` on the backend. You could presumably use the same thing in your image.
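
An added example, not part of the original thread: a shell script that reads the backend from the `iptables --version` string and writes the usual OpenVPN masquerade and forwarding rules as a native nftables table. The subnet 10.8.0.0/24, the interface names tun0 and eth0, the table name and the sample version string are assumptions, and the drop policy assumes the ruleset is loaded in the pod's own network namespace.

```shell
#!/bin/sh
# Added example. Subnet, interface names, table name and the sample
# version string are assumed values, not taken from the thread.

# Classify the backend from the string printed by `iptables --version`.
# iptables 1.8+ appends "(nf_tables)" or "(legacy)"; older builds print
# no backend at all and are reported as "unknown" here.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Emit a native nftables table equivalent to these iptables rules:
#   iptables -t nat -A POSTROUTING -s $subnet -o $wan -j MASQUERADE
#   iptables -P FORWARD DROP
#   iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#   iptables -A FORWARD -i $tun -o $wan -s $subnet -j ACCEPT
openvpn_nft_ruleset() {
    subnet=$1 tun=$2 wan=$3
    cat <<EOF
table ip openvpn {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr $subnet oifname "$wan" masquerade
    }
    chain forward {
        # Drop policy: only VPN client traffic and its replies are forwarded.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "$tun" oifname "$wan" ip saddr $subnet accept
    }
}
EOF
}

# Demo with constructed input; on a real host pass "$(iptables --version)".
echo "backend: $(iptables_backend 'iptables v1.8.7 (nf_tables)')"
openvpn_nft_ruleset 10.8.0.0/24 tun0 eth0
```

Piping the generated table to `nft -c -f -` parses it in check mode without changing the running ruleset.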