• ganymede
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    3 years ago

    there is some/broad consensus that we can do better than iptables these days

    oh yeah i have no doubt about that. just wondering what a healthy timeline looks like for the transition.

    i don’t follow it especially closely, but had the impression bpf is still in the maturing phase regarding vulnerabilities. hopefully that is at least in part a sign it is being actively inspected and hardened with this purpose in mind - and i’m sure iptables still has many lurking vulns.

    in summary, agree some form of transition is likely inevitable. wondering what the timeline will look like.