-{ Quote: "The Netfilter (http://netfilter.org/) development team's Patrick McHardy has released an alpha version of nftables (http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/28922), a new firewall implementation for the Linux kernel, with a user space tool for controlling the firewall. nftables introduces a fundamental distinction between the user space defined rules and network objects in the kernel: the kernel component works with generic data such as IP addresses, ports and protocols and provides some generic operations for comparing the values of a packet with constants or for discarding a packet.
(...)" }-
http://www.h-online.com/security/New-firewall-for-the-Linux-kernel--/news/112897