Rather surprised to see the performance scaling of nftables is so bad compared to iptables, especially as many distros switched to nftables by default some time ago.
I do understand that synthetic benchmarks of firewalls are difficult, and that you are supposed to use the advanced features of nftables (e.g. sets, maps) to express the same filter in fewer rules.
h…
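As an added illustration of the point about sets and maps (this is example configuration written for this page, not something posted in the thread), here is the shape an nftables allow-list takes when membership is pushed into a set and port dispatch into a verdict map, so the packet path stays at a handful of rules no matter how many hosts or services are listed. The addresses are constructed from the RFC 5737 documentation ranges and the table, set, map and chain names are placeholders.

```nft
# Added example, not from the original thread.
# One table, one hook chain; growth goes into the set and the map,
# not into more rules that every packet has to walk past.
table inet filter {
    # Hosts allowed to reach SSH. Lookup is a hash/interval match,
    # so adding hosts does not add rules to the chain.
    set admin_hosts {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 192.0.2.11, 198.51.100.0/24 }   # constructed values
    }

    # Per-service policy reached from the map below.
    chain ssh_in {
        ip saddr @admin_hosts accept
        drop
    }

    # Verdict map: destination port -> what to do with the packet.
    map service_policy {
        type inet_service : verdict
        elements = { 22 : jump ssh_in, 443 : accept }
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # Single rule replaces one "tcp dport N ... accept/jump" rule per service.
        tcp dport vmap @service_policy
    }
}
```

Load it with `nft -f filter.nft`; new hosts are added at runtime with `nft add element inet filter admin_hosts { 203.0.113.5 }` rather than by inserting another rule, which is the rule-count reduction the comment above refers to.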
bring back the internet where a search for “why iptables is fucked" led me to a blog post filled with knowledge and horror
things on Linux can be mostly deterministic, until you get to the iptables circle of hell