This project will attempt to create a good object-oriented interface to libiptc, the Netfilter C library, through a C extension to Ruby. This will hopefully make it simpler to create a firewall solution in Ruby.
The advantage of using libiptc directly instead of wrapping iptables is that a large set of filter rules can be managed efficiently. Each time you call iptables, the kernel copies all rules of a table to userspace, iptables makes one change, and the kernel copies the whole table back, which is very slow for large rule sets. With libiptc you can make changes in batches, so the kernel has to copy the filter rules to userspace and back only once.
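A cost model of the two approaches described above, added here as an illustration and not code from iptcext or libiptc: the hypothetical `ModelTable` class counts how many rules cross the kernel/userspace boundary when rules are added one call at a time versus in a single batch. The rule strings are constructed sample data.

```ruby
# Constructed cost model; ModelTable is hypothetical and is not the
# iptcext or libiptc API. It only counts rule copies across the boundary.
class ModelTable
  attr_reader :rules_copied, :round_trips

  def initialize(rules = [])
    @rules = rules.dup
    @rules_copied = 0
    @round_trips = 0
  end

  # Kernel -> userspace: the whole table is copied out.
  def snapshot
    @rules_copied += @rules.size
    @rules.dup
  end

  # Userspace -> kernel: the whole table is copied back.
  def commit(rules)
    @rules_copied += rules.size
    @round_trips += 1
    @rules = rules.dup
  end

  def size
    @rules.size
  end
end

# One snapshot/commit per rule, as when iptables is called once per change.
def add_one_at_a_time(table, new_rules)
  new_rules.each do |rule|
    working = table.snapshot
    working << rule
    table.commit(working)
  end
  table
end

# One snapshot, all changes made in userspace, one commit.
def add_in_batch(table, new_rules)
  working = table.snapshot
  working.concat(new_rules)
  table.commit(working)
  table
end

# Returns the number of rule copies each strategy needs.
def compare(existing, added)
  base = Array.new(existing) { |i| "rule-#{i}" }
  extra = Array.new(added) { |i| "new-#{i}" }
  { per_call: add_one_at_a_time(ModelTable.new(base), extra).rules_copied,
    batch: add_in_batch(ModelTable.new(base), extra).rules_copied }
end
```

With 1000 existing rules and 100 additions, `compare(1000, 100)` gives 210000 rule copies for per-call changes and 2100 for the batch, so the per-call cost grows with the square of the rule count.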
To get the source code from the iptcext repository, follow the instructions.
Your patches, suggestions, bug reports and any other kind of help are always welcome; please contact the iptcext-general mailing list.
The following items are some bits that need to be done: