Main features

  • Usage analogous to iptables.
  • Ethernet filtering.
  • MAC NAT: ability to alter the MAC Ethernet source and destination address. This can be useful in some very strange setups (a real-life example is available).
  • Brouting: decide which traffic to bridge between two interfaces and which traffic to route between the same two interfaces. The two interfaces belong to a logical bridge device but have their own IP address and can belong to a different subnet.
  • Pass packets to userspace programs, using netlink sockets (the ulog watcher).