Be the first to post a text review of IPtables-tng. Rate and review a project by clicking thumbs up or thumbs down in the right column.

• Git repository of IPtbalesTNG was born

  IPtables-TNG ( The Next Generation of IPtables) is An environment that can use from different packet classification algorithm (eg. tuple) with "iptables" to support large rulesets (more than 10,000 rules) for high bandwidth networks. Interactivity is one of the best feature of this version. Like of any open source project, this git repository has been prepared to share project source and activities with others. You can see recent & ongoing works on IPtablestng. I chose git because of open source projects and communities(specially kernel community) interest in this package. You can find more about this repository at: http://iptablestng.wiki.sourceforge.net/GIT+Repository To achieve more information about IPtablesTNG please visit the project wiki: http://iptablestng.wiki.sourceforge.net/ and also the project home at: http://sourceforge.net/projects/iptablestng/ best regards ..

  posted by jafarian 335 days ago

• IPtables-tng (pkttables) iptables-tng Ver2.1.1 (kernel-2.6.25) file released: IPtablestng-V2.1.1-Beta-rc03.tar.bz2

  changes from IPtables-tng V2.1: commit 4ea2ab4371cac5b8e6061df659e880150e114976 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Mon Feb 2 22:35:47 2009 +0330 follow netns concepts because of netns concepts, we saved pointers of the tables in the "net" structure instead of use of local variable (regtable structure) commit d989886440668615b34e04e2ae8ea3aa2a4b42b4 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 15:57:26 2009 +0330 satisfy unsigned rank comparison and next_match rule traverse(url classifier) bugs. use "list_for_each_entry_continue" in the next_match function to continue traverse of rules. also use sign comparison for ranks instead of unsigned comparison. commit d2e21432a00f8685ff821630f85bf09265e632a8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 15:23:24 2009 +0330 resolve bug in comparing unsigned ranks (tuple classifier) because of unsigned ranks, minus (little value) values was bigger then positives. thus compare is converted to signed compare. also one mistake in "161913" commit is corrected (inv flags). commit e61ea8f641c72becb2d7443e6d15ffbf96cccc12 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 11:46:20 2009 +0330 new hash function for tupel classifier using "sdbm" hash function for tuple classifier to achive better distribution commit 161913666561a3d615178f226c01407316a21dc8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 11:14:25 2009 +0330 add support of some inverse flags to tuple classifier support of "in/out/ interfaces and also protocol for tuple classifier, before that, thay was illegal inverse flags. commit 73feeeeb756e325fe06f4f970e0ee1018ead06f0 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Wed Jan 28 22:24:40 2009 +0330 forbidden manage of returned XT_CONTINUE from some targets like MARK by this, the packets will DROPs in chains that packet reach a rule with this targets. hi arises because of independent definition of PKTT_CONTINUE. Reported by: charon lee commit 83edbcc60b4d01ceea8eee870315a3c892a4ff5f Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Sun Jan 25 20:15:30 2009 +0330 correct some format issues for printk for "sizeof" operator, "%Z" modifier is used and for rank "%llu" is used. base on a test, output of "sizeof" operator in 64bit was "u64" and on 32bit was "u32". commit 2b8c9e0c6e87bb850d7d3e7e365fa2bd090fbfc8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Sat Jan 24 23:00:50 2009 +0330 solve bug in transform of target to kernel because of one byte decrement of the name element in xt_entry_taget, the memset function that is inherited from previous development (in libiptc.c), zeroed the revision element of the target. thus in the kernel an incompatible version of the target been selected for him. reported by: charon lee commit 3577b66961b5581520559ae589c4abccf6a9f064 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 23 14:36:23 2009 +0330 solve alignment bug in 64bit systems this was an alignment bug that has been reported in 64bit systems: reported by: Charon Lee report link: http://sourceforge.net/forum/forum.php?thread_id=2866123&forum_id=764571

  posted 338 days ago

• IPtablestng version 2.1.1 for kernel-2.6.25 released

  IPtables-TNG (The Next Generation of iptables) is an environment that can use from different packet classification algorithms (eg. tuple) to support large rulesets (more than 10,000 rules) for high bandwidth networks. This release fixes some bugs in IPtablestng-V2.1. After release of V2.1 with new architecture and also a new classifier (url classifier to filter http packets base on domain name) for kernel2.6.25, this release fixes some bugs in V2.1. As a summary, this fixes contain: - solve alignment bug in 64bit systems(now Iptablestng is ready for 64 bit systems), - satisfy unsigned rank comparison and next_match rule traverse (in url classifier) bugs - forbidden manage of returned XT_CONTINUE from some targets like MARK (his affect was packets drops when packets reach targets like MARK) and .... This release also uses better hash function for tuple classifier. To see complete list of changes: http://p.sf.net/iptablestng/V2-1-1-log IPtablestng v2.1.1 download page: http://p.sf.net/iptablestng/V2-1-1 To achieve more information about this project visit project wiki: http://iptablestng.wiki.sourceforge.net/ best regards.

  posted by jafarian 338 days ago

• IPtables-tng (pkttables) iptables-tng Ver2.1.1 (kernel-2.6.25) file released: IPtablestng-V2.1.1-patch-for-IPtablestng-V2.1.tar.bz2

  changes from IPtables-tng V2.1: commit 4ea2ab4371cac5b8e6061df659e880150e114976 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Mon Feb 2 22:35:47 2009 +0330 follow netns concepts because of netns concepts, we saved pointers of the tables in the "net" structure instead of use of local variable (regtable structure) commit d989886440668615b34e04e2ae8ea3aa2a4b42b4 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 15:57:26 2009 +0330 satisfy unsigned rank comparison and next_match rule traverse(url classifier) bugs. use "list_for_each_entry_continue" in the next_match function to continue traverse of rules. also use sign comparison for ranks instead of unsigned comparison. commit d2e21432a00f8685ff821630f85bf09265e632a8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 15:23:24 2009 +0330 resolve bug in comparing unsigned ranks (tuple classifier) because of unsigned ranks, minus (little value) values was bigger then positives. thus compare is converted to signed compare. also one mistake in "161913" commit is corrected (inv flags). commit e61ea8f641c72becb2d7443e6d15ffbf96cccc12 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 11:46:20 2009 +0330 new hash function for tupel classifier using "sdbm" hash function for tuple classifier to achive better distribution commit 161913666561a3d615178f226c01407316a21dc8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 30 11:14:25 2009 +0330 add support of some inverse flags to tuple classifier support of "in/out/ interfaces and also protocol for tuple classifier, before that, thay was illegal inverse flags. commit 73feeeeb756e325fe06f4f970e0ee1018ead06f0 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Wed Jan 28 22:24:40 2009 +0330 forbidden manage of returned XT_CONTINUE from some targets like MARK by this, the packets will DROPs in chains that packet reach a rule with this targets. hi arises because of independent definition of PKTT_CONTINUE. Reported by: charon lee commit 83edbcc60b4d01ceea8eee870315a3c892a4ff5f Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Sun Jan 25 20:15:30 2009 +0330 correct some format issues for printk for "sizeof" operator, "%Z" modifier is used and for rank "%llu" is used. base on a test, output of "sizeof" operator in 64bit was "u64" and on 32bit was "u32". commit 2b8c9e0c6e87bb850d7d3e7e365fa2bd090fbfc8 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Sat Jan 24 23:00:50 2009 +0330 solve bug in transform of target to kernel because of one byte decrement of the name element in xt_entry_taget, the memset function that is inherited from previous development (in libiptc.c), zeroed the revision element of the target. thus in the kernel an incompatible version of the target been selected for him. reported by: charon lee commit 3577b66961b5581520559ae589c4abccf6a9f064 Author: Hamid Jafarian (hm.t.) <hamid.jafarian@gmail.com> Date: Fri Jan 23 14:36:23 2009 +0330 solve alignment bug in 64bit systems this was an alignment bug that has been reported in 64bit systems: reported by: Charon Lee report link: http://sourceforge.net/forum/forum.php?thread_id=2866123&forum_id=764571

  posted 338 days ago

• File released: /IPtables-tng (pkttables)/iptables-tng Ver2.1.1 (kernel-2.6.25)/IPtablestng-V2.1.1-Beta-rc03.tar.bz2

  posted 338 days ago

• File released: /IPtables-tng (pkttables)/iptables-tng Ver2.1.1 (kernel-2.6.25)/IPtablestng-V2.1.1-patch-for-IPtablestng-V2.1.tar.bz2

  posted 338 days ago

• URL Classifier for IPtablestng-V2.1(kernel-2.6.25) released

  URL Classifier; an special purpose classifier for IPtablestng-V2.1 (kernel2.6.25.*), for filtering &amp;quot;http packets&amp;quot; traffics base on their domain names is ready. You can filter http packets with one iptables rule: e.g. to filter www.xxx.com on MY_CHAIN: # iptables -A MY_CHAIN -m url --url www.xxx.com -j DROP Best regards

  posted by jafarian 404 days ago

• IPtables-tng (pkttables) iptables-tng Ver2.1 (kernel-2.6.25.*) file released: url-classifier-for-IPtablestngV2.1.tar.bz2

  IPtablestng-V2.1 is for: - kernel-2.6.25.* - iptables-1.4.1 2008-11-30: release of URL classifier (filter http packets base on domain name) for IPtablestng-V2.1 (kernel-2.6.25.*)

  posted 405 days ago

• File released: /IPtables-tng (pkttables)/iptables-tng Ver2.1 (kernel-2.6.25._)/url-classifier-for-IPtablestngV2.1.tar.bz2

  posted 405 days ago

• The IPtables-tng: Ver2.1 for kernel-2.6.25.* released

  iptables-TNG ( The Next Generation of iptables) An environment that can use from different packet classification algorithm (eg. tuple) to support large rulesets (more than 10,000 rules) for high bandwidth networks. New release of iptables-tng for kernel-2.6.25 and iptables-1.4.1 is ready. i hope that You can use kernel patches for 2.6.25.* (i test on .9 and .10).

  posted by jafarian 442 days ago