- pkttables
- linked lists instead of blob
- explain current situation
- dynamic rulesets are slow with iptables
- independent of layer 3 protocol
- current code duplication between [ip|ip6|arp]tables
- some matches (mac, interface, ...) are independent anyway
- nfnetlink
- idea
- ctnetlink
- iptnetlink / pkttnetlink
- ulog/queue port to it
- libnfnetlink, libctnetlink, libpkttnetlink
- libiptables / libpkttnetlink
- high-level API for rule-manipulation
- covering all the plugins which are currently part of iptables
- failover / load balancing for stateful firewalls
- slides from OLS