Firewalling, NAT and packet mangling for Linux
netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and later kernel series. Software commonly associated with netfilter.org are iptables and nftables.
Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
nftables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers and one or more actions.
netfilter, ip_tables, nf_tables, connection tracking (nf_conntrack) and the NAT subsystem together build the major parts of the framework.
Netfilter project 2019 Projects
Adding missing features in nftablesI would like to work implementing missing features in nftables. My plan is to work on the following subtasks: extending stateful object...
Missing feature implementation in nftablesAt the end of the project nftables’ feature set should very closely match that of iptables. This project has the objective of implementing all the...
Project for developing automated tests and other new features for nftablesThis project will be focused towards developing the missing features in nftables which are present in iptables. Features such as "-m time support" to...