On Fri, 17 Aug 2018 16:54:19 +0530
Arun Isaac <arunisaac@systemreboot.net> wrote:

> After we have iterated a few times, and converged on the final patch
> for this service, I will also contribute a similar service for
> ip6tables.


Hi Arun,

thanks for the patch. I have one little comment:

During holidays I read an article about nftables:

https://netfilter.org/projects/nftables/
https://wiki.archlinux.org/index.php/nftables

It aims to be the successor for iptables and is ipv4, ipv6 and others
in one tool/ruleset.

I have no knowledge about the firewall tools, I have no idea of how
mature or accepted that is, I just thought it might be worth
considering instead of writing 3 services.

We already have the userspace package 'nftables' and 'libnftnl' thanks
to Rutger Helling. Maybe he knows more? I put him on CC.

Björn