Toward an eBPF-based clone of iptables


Iptables, which is currently the most common firewall on Linux, has shown several limitations over the years, with scalability as a big concern. This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes unmodified Linux kernel and guarantees the full compatibility (in terms of semantics and synxtax) with current iptables.

Netdev 0x12, The Technical Conference on Linux Networking