From nftables wiki
Revision as of 18:41, 23 May 2018 by Arturo (talk | contribs) (add more examples)

This page sheds some light on, and offers data about, current nftables adoption in the wider community. As you probably know, the focus of the Netfilter project and community is on replacing the iptables framework with nftables, adding brand new features and refreshing some workflows along the way.

Lots of upstream projects use iptables to handle NAT, filtering, mangling or other networking tasks. Here is the information we have about them, their relationship with nftables and the possibilities for them to migrate to nftables.


Known cases and examples we have heard of. TODO: extend with more current data.

system / firewalling / management

virtualization / cloud / infrastructure

  • nftlb by Zevenet is an nftables-based load balancer which can outperform LVS by 10x
  • Some discussion happened in the Docker community regarding a native integration with nftables, which could ease some of their use cases (link) (link)
  • Kubernetes does not support nftables yet, but some discussion has happened already (link). Compat tools may be used to trick Kubernetes into using nftables transparently.
  • OpenStack does not support nftables yet. Compat tools may be used to trick Neutron and other components into using nftables transparently.
  • There are reports of people running libvirt with nftables for bridge filtering for virtual machines
  • SaltStack includes native support for nftables (link).
  • The CoreOS ecosystem includes native support for nftables (link)


See also