Nftables is a new packet filtering framework which aims at replacing iptables. It has been developed by the Netfilter team, who after 10 years of development wanted to get rid of iptables. Since its introduction in the 3.13 kernel and after more than one year in the vanilla kernel, nftables has evolved significantly. While the main concepts did not change, a lot of technical problems have been solved and many improvements have been made.
This talk will summarize these changes, describing the ones that were the most challenging at the technical level. It will also focus on the decisions and orientations chosen during the Netfilter workshop in July.
Eric Leblond, Stamus Networks