During this summer I have been working with Netfilter. This Open Source Organization is known for iptables, which is part of their packet filtering framework, destined to allow users and organizations to secure their networks. You can also find part of Netfilter’s work in the Linux kernel.

At the moment Netfilter is working on their new project, nftables, which will replace the actual {ip,ip6,arp,eb}tables framework. My goal in this project was to continue {ip,ip6}tables-translate’s development. With this tool Netfilter aims to ease the transition for their users from the previous framework to nftables. I mainly worked with iptables-translate, this tool transforms iptables’ expressions into nft’s expressions.

Due to the actual status in the development of nftables some components of iptables are not implemented yet in nftables. Most of my work was comprehending a certain feature of iptables and check if nftables had it. Sometimes I found features that could be “translated” but I also found ones that couldn’t. This involved a lot of communication between my mentor, Arturo Borrero, and me.

You can check my contributions to the iptables repository. Keep in mind that GSOC related commits start at 2016-06-14.

The iptables-translate tool is not 100% complete. Here you can have a look at the available translations.