Eric Garver

Recent Posts

iptables: The two variants and their relationship with nftables

iptables: The two variants and their relationship with nftables

In Red Hat Enterprise Linux (RHEL) 8, the userspace utility program iptables has a close relationship to its successor, nftables. The association between the two utilities is subtle, which has led to confusion among Linux users and developers. In this article, I attempt to clarify the relationship between the two variants of iptables and its successor program, nftables.

Continue reading iptables: The two variants and their relationship with nftables

Share
Firewalld: The Future is nftables

Firewalld: The Future is nftables

Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

The benefits of nftables have been outlined on the Red Hat Developer Blog:

There are many longstanding issues with firewalld that we can address with nftables that were not possible with the old iptables backend. The nftables backend allows the following improvements:

Continue reading “Firewalld: The Future is nftables”

Share
Open vSwitch: Overview of 802.1ad (QinQ) Support

Open vSwitch: Overview of 802.1ad (QinQ) Support

Open vSwitch (OVS) recently gained support for 802.1ad (QinQ). It can be used as a lightweight alternative to tunnel technologies such as; VXLAN, GENEVE, GRE. A key advantage of QinQ is that it can make use of hardware offload features common in network interface cards (NICs). Only newer NICs support hardware offload for VXLAN and GENEVE. QinQ also incurs less frame processing and has a smaller encapsulation overhead.

Continue reading “Open vSwitch: Overview of 802.1ad (QinQ) Support”

Share