Giving up on nftables


Supposedly, nftables is the successor to iptables. So when implementing a firewall for UBOS, the logical thing to do is to use the new thing instead of the clumsier old thing.

But I give up. I cannot figure out how this thing works. All the how-to pages that I found essentially have the same examples, copied from the nftables distribution. They are all trivial or incomplete. I doubt that anybody who has written those how-to pages has ever run nftables in anger. The netfilter mailing list was of some help, but only some.

And if you read this, and have nftables running on a router that does masquerading, please post your full configuration in the comments. Thank you.

In the meantime, it’s back to iptables.