Linux Today: Linux News On Internet Time.

First release of nftables

Mar 20, 2009, 13:02
(Other stories by Patrick McHardy)

"There are three main components:

- the kernel implementation
- libnl netlink communication
- nftables userspace frontend

"The kernel provides a netlink configuration interface, as well as runtime ruleset evaluation using a small classification language interpreter. libnl contains the low-level functions for communicating with the kernel; the nftables frontend is what the user interacts with.


"The first major difference is that there's no one-to-one relation of matches and targets available to the user and those implemented in the kernel anymore. The kernel provides some generic parameterizable operations, like loading data from a packet, comparing data with other data etc. Userspace combines the individual operations appropriately to get the desired semantic."
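
To make the quoted design concrete, here is an added example (not code from nftables or from the announcement) of a tiny interpreter with generic load and compare operations that a frontend combines into one rule. The operation names, struct layout, verdict values and the sample rule are all invented for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy model: op names, struct layout and verdicts are invented, not the nftables ABI. */
enum op { OP_LOAD, OP_CMP_EQ, OP_VERDICT };
enum verdict { V_CONTINUE, V_ACCEPT, V_DROP };
struct insn {
    enum op op;
    size_t offset, len;   /* LOAD: packet offset; LOAD/CMP_EQ: byte count */
    uint8_t data[4];      /* CMP_EQ: constant compared with the register */
    enum verdict verdict; /* VERDICT: result returned when reached */
};

/* Evaluate one rule; a failed compare or a short packet means "no match". */
enum verdict eval_rule(const struct insn *prog, size_t n,
                       const uint8_t *pkt, size_t pkt_len)
{
    uint8_t reg[4] = {0};
    for (size_t i = 0; i < n; i++) {
        const struct insn *in = &prog[i];
        if (in->op == OP_VERDICT) return in->verdict;
        if (in->len > sizeof(reg)) return V_CONTINUE;
        if (in->op == OP_LOAD) {
            if (in->offset > pkt_len || in->len > pkt_len - in->offset)
                return V_CONTINUE; /* never read past the end of the packet */
            memcpy(reg, pkt + in->offset, in->len);
        } else if (memcmp(reg, in->data, in->len) != 0) {
            return V_CONTINUE;
        }
    }
    return V_CONTINUE;
}

/* A frontend's output for "TCP, destination port 22: drop" (20-byte IPv4 header assumed). */
static const struct insn drop_ssh[] = {
    { OP_LOAD,    9,  1, {0},          V_CONTINUE }, /* IPv4 protocol field */
    { OP_CMP_EQ,  0,  1, {6},          V_CONTINUE }, /* == TCP */
    { OP_LOAD,    22, 2, {0},          V_CONTINUE }, /* TCP destination port */
    { OP_CMP_EQ,  0,  2, {0x00, 0x16}, V_CONTINUE }, /* == 22, network byte order */
    { OP_VERDICT, 0,  0, {0},          V_DROP },
};

/* Build a constructed sample packet and run the rule over its first pkt_len bytes. */
enum verdict demo(uint8_t proto, uint16_t dport, size_t pkt_len)
{
    uint8_t pkt[40] = {0};
    pkt[0] = 0x45; pkt[9] = proto;
    pkt[22] = (uint8_t)(dport >> 8); pkt[23] = (uint8_t)(dport & 0xff);
    if (pkt_len > sizeof(pkt)) pkt_len = sizeof(pkt);
    return eval_rule(drop_ssh, sizeof(drop_ssh) / sizeof(drop_ssh[0]), pkt, pkt_len);
}
```

The interpreter itself knows nothing about TCP or ports; the protocol knowledge lives entirely in the instruction list, which is the split between kernel and userspace that the quote describes.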
