The Linux kernel is a fast-moving project, but change can still be
surprisingly slow to come at times. The nftables project to replace the kernel’s
packet-filtering subsystem has its origins in 2008, but is still not being
used by most (or perhaps even many) production firewalls. The transition
may be getting closer, though, as highlighted by the release of nftables 1.0.0 on
August 19.
もっと詳しく