I am trying to secure my home network with OpenWRT routers. In this context I started to customize my iptables rules to my needs and found some iptables concepts hard to understand / use.
I’ve discovered that nftables is the NEXT big change in firewall software for Linux based systems (as of ~3.18), replacing iptables, which is hard to use or inefficient. More recently, I’ve learnt that bpfilter is being merged into Linux 4.18 and that it is a “Better Firewall / Packet Filtering” also meant to replace iptables.
Now I’m quite confused: could you point me to a simple one-paragraph description of each technology, nftables/netfilter vs bpfilter? Are they both trying to solve the same problem / do they overlap? Is there any relationship between the two? I am looking for a short description of each that helps me understand when to use one or the other.
As far as I know, nftables is currently supported in all OpenWRT build targets (correct me if I'm wrong). I would also like to know your position on supporting eBPF in OpenWRT.