there is some/broad consensus that we can do better than iptables these days
oh yeah i have no doubt about that. just wondering what a healthy timeline looks like for the transition.
i don’t follow it especially closely, but had the impression bpf is still in the maturing phase regarding vulnerabilities. hopefully that is at least in part a sign it is being actively inspected and hardened with this purpose in mind - and i’m sure iptables still has many lurking vulns.
in summary, agree some form of transition is likely inevitable. wondering what the timeline will look like.
oh yeah i have no doubt about that. just wondering what a healthy timeline looks like for the transition.
i don’t follow it especially closely, but had the impression bpf is still in the maturing phase regarding vulnerabilities. hopefully that is at least in part a sign it is being actively inspected and hardened with this purpose in mind - and i’m sure iptables still has many lurking vulns.
in summary, agree some form of transition is likely inevitable. wondering what the timeline will look like.