Difference between revisions of "Moving from ipset to nftables"

From nftables wiki
(create page with basic content)
(add link to legacy xtables tools)
Line 13: Line 13:
* [[Dictionaries]]
* [[Dictionaries]]
* [[Maps]]
* [[Maps]]
* [[Legacy xtables tools]]

Revision as of 16:11, 20 June 2018

If you are moving from iptables to nftables and you used ipset, some considerations should be taken into account.

  • There are no translation/compat tools right now to help with the task. This may change in the future.
  • ipset uses explicit set types, like hash:net,port,net, which you need to translate to nftables native data types (like ipv4_addr . inet_service . ipv4_addr).
  • nftables supports mappings and dictionaries, so you can take actions directly from the matching elements in the set.

In most cases, direct equivalents of ipset features can be found. It is also worth evaluating nftables native features so that you benefit from them when migrating from ipset to nftables.
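
As an added illustration (not part of the original wiki page), the ruleset below expresses the hash:net,port,net type as a concatenated nftables set and uses a verdict map to take the action directly from the matching element. The table, chain, set and map names and all addresses (documentation ranges) are constructed for this example.

```nft
# Added example; the names filter, input, allowed_flows and src_policy
# and every address below are constructed for illustration.
#
# ipset/iptables form being replaced:
#   ipset create allowed_flows hash:net,port,net
#   ipset add allowed_flows 192.0.2.10,tcp:443,198.51.100.7
#   iptables -A INPUT -m set --match-set allowed_flows src,dst,dst -j ACCEPT
table ip filter {
    set allowed_flows {
        # source address . destination port . destination address
        type ipv4_addr . inet_service . ipv4_addr
        # To store prefixes, as hash:net does, add "flags interval";
        # support for intervals inside concatenations depends on the
        # kernel and nft version in use.
        elements = { 192.0.2.10 . 443 . 198.51.100.7,
                     192.0.2.11 . 22 . 198.51.100.7 }
    }

    map src_policy {
        # Verdict map: each element carries its own action.
        type ipv4_addr : verdict
        flags interval
        elements = { 203.0.113.0/24 : drop,
                     198.51.100.0/24 : accept }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        # A single lookup matches all three fields of the concatenation.
        ip saddr . tcp dport . ip daddr @allowed_flows accept
        # No separate rule per action: the verdict comes from the map.
        ip saddr vmap @src_policy
    }
}
```

The ruleset can be syntax-checked without loading it by running nft -c -f on the file.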

See also