Next-gen iptables software enhances network security with improved packet filtering and sophisticated rules engine. This software is designed to provide advanced firewall solutions for modern cloud and containerized environments.
To address the cost of classifying packets against large rulesets, the creator of iptables-TNG developed a new version that offers interactivity as well as the ability to use a different classification algorithm for every chain. For example, one chain (e.g. 'OUTPUT' in the filter table) can use the linear classifier while another chain (e.g. 'FORWARD' in the filter table) can use the tuple classifier.
The software's code, both in the user space and kernel space, has been completely changed from the previous version. This new version allows for easy development of new algorithms and introduces two classification algorithms: linear and tuple. Tuple is more powerful and uses hash tables for rules storage, as well as hash functions to find all possible matching rules.
One important feature of this version is "Ranking". Rules are ranked by their position in the chain's rule list, so storing them in hash tables does not change the semantics: among all rules that may match a packet, the algorithm must select the one with the lowest rank, which is exactly the rule a linear scan would have reached first.
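The interplay between tuple hashing and ranking described above, as an added illustration that is not code from iptables-TNG: rules are bucketed by their (source prefix length, destination prefix length) tuple, each tuple is a hash table keyed by the masked address pair, and a lookup hashes the packet once per tuple and keeps the lowest-ranked candidate, which must agree with a plain linear scan. The ruleset and packets are constructed, and only IPv4 source/destination prefixes are modelled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample chain (not from the page). Rank is the rule's position,
# so rule 0 must beat the more specific rule 1 for a 10.1.2.x source.
RULES = [
    # (src_net,        dst_net,            verdict)
    ("10.0.0.0/8",     "0.0.0.0/0",        "DROP"),
    ("10.1.2.0/24",    "192.168.1.0/24",   "ACCEPT"),
    ("0.0.0.0/0",      "192.168.1.10/32",  "ACCEPT"),
    ("172.16.0.0/12",  "0.0.0.0/0",        "DROP"),
]
POLICY = "ACCEPT"  # chain default policy when no rule matches


def _mask(addr, plen):
    """Keep the top plen bits of an IPv4 address given as an int."""
    return addr & ((0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF)


def linear_classify(rules, src, dst):
    """Baseline linear classifier: walk the chain, first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rank, (sn, dn, verdict) in enumerate(rules):
        if s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn):
            return rank, verdict
    return None, POLICY


def build_tuple_tables(rules):
    """Group rules by (src_len, dst_len); each tuple is a hash table keyed
    by the masked (src, dst) pair and holding (rank, verdict) entries."""
    tables = defaultdict(lambda: defaultdict(list))
    for rank, (sn, dn, verdict) in enumerate(rules):
        sn, dn = ipaddress.ip_network(sn), ipaddress.ip_network(dn)
        key = (int(sn.network_address), int(dn.network_address))
        tables[(sn.prefixlen, dn.prefixlen)][key].append((rank, verdict))
    return tables


def tuple_classify(tables, src, dst):
    """One hash lookup per tuple; the lowest-ranked candidate wins."""
    s, d = int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))
    best = None
    for (sl, dl), table in tables.items():
        for cand in table.get((_mask(s, sl), _mask(d, dl)), ()):
            if best is None or cand[0] < best[0]:
                best = cand
    return best if best else (None, POLICY)
```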
The new code stores rules in linked lists instead of contiguous memory, making it more understandable and easier to manage. Additionally, all rule management activities are moved into kernel space, which helps to optimize performance.
Overall, iptables-TNG is a powerful option for those who need to handle large rulesets on high-bandwidth networks. The software's command line interface remains unchanged, and its compatibility with "iptables-save" and "iptables-restore" is preserved.
Version 2.1: N/A