- Usage analogous to iptables.
- Ethernet filtering.
- MAC NAT: ability to alter the MAC Ethernet source and
destination address. This can be useful in some very strange
setups (a real-life example is available).
- Brouting: decide which traffic to bridge between two
interfaces and which traffic to route between the same two
interfaces. The two interfaces belong to a logical bridge
device but have their own IP address and can belong to a
- Pass packets to userspace programs, using netlink sockets
(the ulog watcher).