[Dnsmasq-discuss] dnsmasq Debian 10 ipset nftables

Florent Fourcot florent.fourcot at wifirst.fr
Thu Dec 19 16:20:28 GMT 2019


Currently ipsets are filled through the Linux netlink interface, so it's fast 
and efficient (not like running an external command). The ipset module is an 
iptables extension, and is not supported by nftables.

nftables has the same functionality as ipset built in (no need for an 
extension), and is manageable through netlink as well. But it's not 
included in dnsmasq today.

So if you want to change your firewall after a DNS resolution in dnsmasq, 
you still have to use iptables and not nftables (i.e. iptables-legacy on 
Debian 10).
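
The setup described in this message, as an added example that is not part of the original post: dnsmasq's ipset= directive fills a set that an iptables-legacy rule matches. The set name, domain, config file name and the FORWARD/ACCEPT rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: names below are constructed placeholders, not from the post.
SET_NAME="resolved_hosts"   # hypothetical ipset name
DOMAIN="example.com"        # constructed domain
CONF="/etc/dnsmasq.d/ipset-example.conf"   # hypothetical file name

# True if the given `dnsmasq --version` text lists ipset support
# (builds without it report "no-ipset" in the compile time options).
has_ipset_support() {
    case " $(printf '%s' "$1" | tr '\n' ' ') " in
        *" no-ipset "*) return 1 ;;
        *" ipset "*)    return 0 ;;
        *)              return 1 ;;
    esac
}

# dnsmasq directive: addresses resolved for domain $1 are added to set $2.
dnsmasq_ipset_line() {
    printf 'ipset=/%s/%s\n' "$1" "$2"
}

# Create the set and match it from iptables-legacy (needs root).
# The set must exist before dnsmasq tries to add addresses to it.
apply_firewall() {
    ipset create "$SET_NAME" hash:ip -exist
    iptables-legacy -C FORWARD -m set --match-set "$SET_NAME" dst -j ACCEPT 2>/dev/null ||
        iptables-legacy -A FORWARD -m set --match-set "$SET_NAME" dst -j ACCEPT
}

# Run with "apply" as root to configure the host; otherwise nothing is changed.
if [ "${1:-}" = "apply" ]; then
    has_ipset_support "$(dnsmasq --version)" || {
        echo "dnsmasq was built without ipset support" >&2
        exit 1
    }
    apply_firewall
    dnsmasq_ipset_line "$DOMAIN" "$SET_NAME" > "$CONF"
    echo "wrote $CONF; restart dnsmasq to load it"
fi
```

After a client resolves the domain through dnsmasq, `ipset list resolved_hosts` shows the addresses that were added.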
