
What Xtables is

Xtables is a packet filter for the Linux kernel. Its origins trace back to ip_tables and its siblings ip6_tables, arp_tables and ebtables that were originally authored in 1999 et seq., and worked on since by the many nameful contributors. Together, ip-ip6-arp-ebtables is retroactively referred to as Xtables(1), based upon the concepts shared and the kernel module name for shared code portions, x_tables.ko.

Xtables2 is an effort to gradually improve and modernize the packet filter, with input especially from the user community itself. You will find, so I hope, no need to relearn an entire system, at any level. Xt2 intends to displace the classic iptables setsockopt ABI — both ipt and xt2 can be run concurrently — and morphs the userspace tool into one that uses the new Netlink-based interface.

Short news

2013-Jan-10. libnetfilter_xtables-0.9.1 and xtadm-1.5.0 have been released. xtadm is the command-line interface to the Xtables2 packet filter, similar to iptables. This is currently beta; don't expect it to do everything just yet.
LWN.net editor Jake Edge has also written a summary report about the submission. (Please do consider supporting the work of LWN by subscribing.)

2012-Dec-14. A roadmap document has been posted.

2012-Dec-13. The merge request for Xtables2 has been issued after prior RFCs for various stages had been posted on 2012-Nov-02, 2012-Nov-15 and 2012-Dec-04. The current set of Netlink messages defined for Xt2 is referred to as “A9” (architecture draft 9).

For those wishing to look into more history, there are more track records. For A8: thread of 2012-Jan-19, thread of 2012-Jan-20. For A5: thread from 2010-Jun-29 (back then as a setsockopt compat layer which is on ice now in favor of a “pure” Netlink approach).



Last modified: 2013-02-04 19:49 UTC