

Nftables code merged, expected in Linux Kernel 3.13 - conductor
http://marc.info/?l=linux-netdev&m=138203780210029&w=4

======
conductor
Nftables [0] comes to replace iptables, ip6tables, arptables and ebtables. It
will introduce new common syntax for IPv4, IPv6 and ARP, and it has smaller
kernel-mode code.

Its working process is somewhat similar to BPF (Berkeley Packet Filters): the
rules are being compiled into byte-code at user-level and passed to the kernel
(using the Netlink API) where it is being processed by a state machine.

[0] - http://netfilter.org/projects/nftables/
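
The split described in the comment above, shown as a simplified model. This is an added example, not part of the original comment and not nftables code. The instruction names, the tuple encoding and the fixed 20-byte IPv4 header offset are assumptions made for illustration; they are not the real nftables instruction set or its Netlink wire format.

```python
import struct

def make_packet(proto, dport):
    """Constructed sample: 20-byte IPv4 header followed by source/dest ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + struct.pack("!HH", 40000, dport)

def compile_rule(proto, dport, verdict):
    """User-space side: lower a protocol/port match to generic instructions."""
    return [
        ("load", 1, 9, 1),                        # reg1 <- IPv4 protocol byte
        ("cmp_eq", 1, bytes([proto])),
        ("load", 1, 22, 2),                       # reg1 <- dest port (no IP options assumed)
        ("cmp_eq", 1, struct.pack("!H", dport)),
        ("verdict", verdict),
    ]

def run(program, packet, default="continue"):
    """Kernel side in this model: an interpreter with no protocol knowledge."""
    regs = {}
    for ins in program:
        op = ins[0]
        if op == "load":
            _, reg, off, length = ins
            if off + length > len(packet):        # never read past the packet
                return default
            regs[reg] = packet[off:off + length]
        elif op == "cmp_eq":
            if regs.get(ins[1]) != ins[2]:        # mismatch ends rule evaluation
                return default
        elif op == "verdict":
            return ins[1]
        else:
            raise ValueError("unknown instruction: %r" % (op,))
    return default

if __name__ == "__main__":
    rule = compile_rule(proto=6, dport=22, verdict="drop")
    for pkt in (make_packet(6, 22), make_packet(6, 80), make_packet(17, 22)):
        print(run(rule, pkt))
```

The interpreter only loads bytes, compares them and returns a verdict, so adding a new match type in this model changes `compile_rule` and leaves `run` untouched.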

