After a year and a half of development, iptables 1.8.12, the classic toolkit for managing the Linux packet filter, has been released. Recent development has focused on the backward-compatibility components, iptables-nft and ebtables-nft. These provide utilities with the same command-line syntax as iptables and ebtables but translate the resulting rules into nftables bytecode. Note that the original set of iptables programs, including ip6tables, arptables, and ebtables, was deprecated in 2018 and has already been replaced by nftables in most distributions.
In the new version of iptables 1.8.12, several key updates and features have been introduced:
- The iptables-nft utility now supports atomically adding and replacing rules in a single transaction, which makes rule updates smoother.
- The xtables-monitor utility now recognizes operations that delete base chains (INPUT, FORWARD, OUTPUT) and outputs the command “iptables -X chain_name” in such cases.
- Rules using the ‘-p sctp’ protocol are now translated into nftables format without requiring an explicit ‘-m sctp’ module. This matches the existing behaviour for TCP and UDP, where specifying “-p tcp” or “-p udp” automatically applies “-m tcp” or “-m udp”.
- Support for the ICMP info-request and info-reply packet types has been added.
- Various bugs in the iptables-translate and ip6tables-translate utilities, used to convert rules to nftables, have also been fixed, improving the accuracy of the conversion.
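To make the implicit-match behaviour described above concrete, here is a small added illustration (not code from the iptables project, and not a reproduction of iptables-translate's exact output format): a toy translator that treats ‘-p tcp’, ‘-p udp’ and ‘-p sctp’ as implying the corresponding ‘-m’ module, and rejects a port match that has no such protocol, as iptables itself does.

```python
"""Simplified model of how '-p <proto>' rules map onto nftables match syntax.

Added illustration only: this is not iptables-translate's code, and the nft
string it builds covers only the protocol/port/target part of a rule.
"""
import shlex

# Protocols whose '-m <proto>' match module is applied implicitly when
# '-p <proto>' is given (1.8.12 adds sctp alongside tcp and udp).
IMPLICIT_MATCH = {"tcp", "udp", "sctp"}


def translate_rule(rule: str) -> str:
    """Turn an 'iptables -A CHAIN ...' rule into an 'nft add rule' string.

    Supports -p, -m, --dport/--sport and -j. A port option without a
    port-capable protocol raises ValueError, mirroring how iptables rejects
    '--dport' when no '-m tcp|udp|sctp' module is active.
    """
    tokens = shlex.split(rule)
    if tokens[:2] != ["iptables", "-A"]:
        raise ValueError("expected 'iptables -A CHAIN ...'")
    chain = tokens[2]
    proto = None
    modules = set()
    ports = []
    target = None
    it = iter(tokens[3:])
    for tok in it:
        if tok == "-p":
            proto = next(it)
            if proto in IMPLICIT_MATCH:
                modules.add(proto)  # '-m tcp' / '-m udp' / '-m sctp' implied
        elif tok == "-m":
            modules.add(next(it))  # explicit module, e.g. old-style '-m sctp'
        elif tok in ("--dport", "--sport"):
            value = next(it)
            if proto not in modules:
                raise ValueError(f"{tok} requires -p tcp, udp or sctp")
            ports.append(f"{proto} {tok[2:]} {value}")  # e.g. 'sctp dport 3868'
        elif tok == "-j":
            target = next(it).lower()
        else:
            raise ValueError(f"unsupported option {tok}")
    if target is None:
        raise ValueError("missing -j target")
    match = " ".join(ports) if ports else f"meta l4proto {proto}"
    return f"nft add rule ip filter {chain} {match} counter {target}"
```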