
sgt, today at 2:07 PM

nftables syntax is pretty tough to read. I wonder why they didn't go for an easier-to-read DSL. I do understand it's likely super fast to parse though, and has a 1:1 relationship to its struct in the kernel.


Replies

drnick1, today at 6:18 PM

I personally stick to iptables. nftables does not seem to be an improvement at all. iptables is terse but logical.

tuetuopay, today at 2:31 PM

I’ll pick nftables over iptables any day, it’s leagues better (granted, it’s not hard). The nftables wiki is great, as the syntax and modules are documented in a single easy-to-read page.

As an added bonus, you get atomic updates of all chains for free.

Granted, for simple use cases, ufw or firewalld may be simpler though.

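As an added example (not written by any of the commenters) of the atomic update mentioned above: a complete host firewall ruleset loaded with `nft -f`, where the leading `flush ruleset` and every table, set and chain that follows are committed to the kernel in one transaction, so there is never a moment with a half-applied policy. The SSH-only service set and the log prefix are assumptions for the example.

```nft
#!/usr/sbin/nft -f
# Discard the currently loaded ruleset and install everything below atomically.
flush ruleset

table inet filter {
    # Allowed inbound TCP services (assumed: SSH only).
    # Add more at runtime with: nft add element inet filter tcp_services { 443 }
    set tcp_services {
        type inet_service
        elements = { 22 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Stateful handling: keep existing flows, drop malformed ones
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # ICMP is needed for path MTU discovery; ICMPv6 for neighbour discovery
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # New connections only to services listed in the set
        tcp dport @tcp_services ct state new accept

        # Rate-limited log of everything that hits the drop policy (assumed prefix)
        limit rate 5/minute log prefix "nft-drop: " counter
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f firewall.nft`; `nft -c -f firewall.nft` parses and validates the file without touching the live ruleset.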