After a year of development, the classic tool filter iptables 1.8.11 has been released. The focus of the recent development has been on maintaining reverse compatibility with components such as iPtables-NFT and EBTables-NFT, which now provide utilities with the same team string syntax as IPTABLES and EBTables, but broadcast the obtained rules into Nftables. The original set of IPTABles programs, including IP6Tables, Arptables, and Ebtables, became obsolete in 2018 and has been replaced by NFTables in most distributions.
In the new version, several updates have been made:
- Added a new utility arptables-translate designed to translate the arptables rules into Configuration format for use with NFTables.
- In the utility ebtables-nft, new commands “–change-Counters”, “-ureplace”, and “–List-RULES” have been added. The possibility of specifying meters for the rules using the syntax “-c n, m” has been included, as well as the option to zero individual rules.
- The utility iptables-translate now supports tproxy and extensions of XT_SOKET for socket checks, with unified protocol name definitions.
- In the utility iptables, a feature has been added to search for extensions for DCCP and IPCOMP protocols to achieve consistency with iptables-save behavior.
- The utility iptables-save has excluded calls to Getprotobynumber() to improve performance when processing large sets of rules.
- There is now the option to disconnect the assembly with libnfnetline.
/Reports, release notes, official announcements.