最近用 firewall-cmd 做一些网络问题上的实验,困惑于本后的工作原理。做了一些quick search,整理一些文章,当作以后备忘吧。
https://medium.com/@iced_burn/compare-firewalld-iptables-nftables-netfilter-de08a8d21b5b
https://ungleich.ch/en-us/cms/blog/2018/08/18/iptables-vs-nftables/#:~:text=IPtables%20is%20able%20to%20inspect%2C%20modify%20or%20drop%20network%20packets.&text=Nftables%20(developed%20by%20netfilter%2FIPtables,terms%20of%20performance%20and%20scalability.
https://firewalld.org/2018/07/nftables-backend
懒得看链接的话,直接看图,一目了然