Performance Testing of Linux Firewalls
Abstract
The Netfilter framework has for many years been used in Linux-based systems for packet filtering, network address translation, port translation and other networking-related operations. Since its introduction in 1998, Netfilter's user-space utility iptables has become the main tool for managing firewall rules in Linux environments. In 2014 the Netfilter developers released the nftables utility, which was intended to replace some legacy Netfilter/iptables functions. However, it has still not replaced iptables as the default firewalling tool, for a number of reasons. One of them is performance. This paper focuses on comparing the packet filtering performance of iptables and nftables in different chains and tables.
