GSoC/GCI Archive
Google Summer of Code 2013

Netfilter Project

Web Page: http://1984.lsi.us.es/~pablo/nf-ideas.txt

Mailing List: mailto:gsoc2013@lists.netfilter.org

Netfilter is a free software community-driven project, launched in 1998, that provides firewalling tools for the GNU/Linux operating system. The Netfilter Workshop (NFWS) is the main event organized for and by the Netfilter developers community.

netfilter.org is home to the software of the packet filtering framework inside the Linux 2.4.x and later kernel series. Software commonly associated with netfilter.org is iptables.

Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together build the major parts of the framework.

Projects

  • GSoC 2013, Detect rule-set inconsistencies My name is Giuseppe Longo, second year undergraduate student of Computer Science course at University of Bari. I am a network security and open source software enthusiast.
  • Rule-set synchronization daemon I love HA stuff and also firewalling, so I would like to work on the syncronization daemon for nftables.
  • Support for JSON in libnftables Several people spotted during the last Netfilter Workshop in Copenhague that it would be interesting to support JSON in this library. Currently, only XML support is almost complete