20 lines
610 B
Plaintext
- pkttables
  - linked lists instead of blob
  - explain current situation
    - dynamic rulesets are slow with iptables
  - independent of layer 3 protocol
    - current code duplication between [ip|ip6|arp]tables
    - some matches (mac, interface, ...) are independent anyway

- nfnetlink
  - idea
  - ctnetlink
  - iptnetlink / pkttnetlink
  - ulog/queue port to it
  - libnfnetlink, libctnetlink, libpkttnetlink

- libiptables / libpkttnetlink
  - high-level API for rule-manipulation
  - covering all the plugins which are currently part of iptables

- failover / load balancing for stateful firewalls

- slides from OLS