Nftables in Lede

Is there a reason iptables is still used over nftables in Lede? Are there any good reasons for and against switching to nftables in the near future? Have been reading about nftables lately, and I was just curious about this 🙂 Hence my question. Thank you very much in advance!

2 Likes

The reason is that we didn't yet find the time to port fw3 to nftables.

2 Likes

Thank you very much for your simple explanation 🙂

For me, at least, nftables is a lot more "sane and readable" than iptables. When the time comes to move over, please feel free to reach out for help in either coding or testing.

1 Like

That is exactly my case currently. Just switching from 'professional' routers to LEDE and bought a WRT1900ACS. First thing I thought - as long as I start with LEDE and open source, maybe it makes sense to start directly from nftables, as it is/will be the successor to iptables anyway. So I'm struggling a bit now getting an image for the WRT1900ACS the way I want, where iptables is removed and fully replaced by nftables.

Is there any timeline, are you working on it? Can I help in any way?

No. You can help by porting https://git.openwrt.org/?p=project/firewall3.git;a=summary from iptables backend to nftables

1 Like

I hope I'm not asking for too much.
I want to help, but I'm not used to working with git and branches, merges, etc.
Can you give me a basic intro? Or show me a place where it teaches?
Thanks!
BTW, are you planning to do this in the future or not thinking about it for now?

I hate to say this, but https://www.google.com/search?q=git+tutorial provides a pretty good list.

Many of us learned git years ago, so knowing what tutorials are "good" is a challenge. Wrap your head around that a branch is merely a pointer to a specific state, not a path taken to get to that state, and it will start to make sense, especially if you come from things like CVS, svn, or the like.

jow and most of the lead devs are probably pretty wrapped up in getting v19 branched, tested, and released right now, so major changes like this are probably at least a couple months before they reach consideration for prioritization.

Ok, I have tried to see what's up from the link @jow mentioned but I forgot, firewall rules aren't something that I work with so I can't really help with that, sadly, but I'm looking forward to see it working!
I will try to learn about git to maybe help improve things in a way I know how to! 😃
I'll be tracking firewall changes in the near future.