New firewall for the Linux kernel

Filed under
Linux

The Netfilter development team's Patrick McHardy has released an alpha version of nftables, a new firewall implementation for the Linux kernel, with a user space tool for controlling the firewall.

nftables introduces a fundamental distinction between the user space defined rules and network objects in the kernel: the kernel component works with generic data such as IP addresses, ports and protocols and provides some generic operations for comparing the values of a packet with constants or for discarding a packet.

Firewall rules, which the user defines with the nft tool, are checked by the nft program for correctness and then translated into the required generic operations and kernel objects.

rest here, More here