[PATCH] wg-quick: linux: add support for nft and prefer it

Jordan Glover Golden_Miller83 at protonmail.ch
Tue Dec 10 19:58:11 CET 2019


On Tuesday, December 10, 2019 5:36 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:

>
> On the other hand, if what you say is actually true in our case, and
> nftables is utter crap, then perhaps we should scrap this nft(8) patch
> altogether and just keep pure iptables(8). DKG - you seemed to want
> nft(8) support, though. How would you feel about that sort of
> conclusion?
>
> Jason

The only scenario where you really want to use nft is where the iptables command
doesn't exist. I don't know how realistic a scenario it is but I assume it can
happen in the wild. Otherwise calling iptables will take care of both iptables
and nftables automatically if those are supported on the system. That's why I
proposed to invert the current patch logic.

Jordan

